Miscreants are using a fake Twitter profile in a bid to spread malware that harvests login credentials for Orkut.

Updates to the fake Twitter profile are supposedly being followed by 17 punters, but they're all fake, according to Chris Boyd, director of malware research at IM security firm Facetime.

Twittery Trojan

The profile is designed to trick would-be marks into viewing a photo album on Orkut, which supposedly requires a Flash update to view. This bogus Flash update is contaminated by malware, specifically the OrkutTron Trojan.

OrkutTron performs a variety of malicious actions including an attempt to snaffle login credentials for Orkut, the Google-run social networking site that's particularly big in Brazil. Fitting in with this theme, the fake Twitter profile is written in Portuguese.

Attacks targeting Orkut are relatively commonplace, but as Boyd notes, the use of Twitter represents an innovation in such hacking attacks. ®

Related stories

• Fake TweetDeck update lures prompt password resets (31 August 2010)
• Pink Floyd worm spreads on 'Chinese Facebook' (25 August 2009)
• Hijacked Twitter accounts spread Koobface worm (10 July 2009)
• Twitter fights celeb imposters with Verified Account scheme (8 June 2009)
• Twitter users hit by smut spam hack attack (9 March 2009)
• Twitter SMS spoofing still undead (6 March 2009)
• Scareware scammers Rickroll Digg (12 February 2009)
• Footy star sues Facebook over fake fascist profile (9 February 2009)
• Spammers target Twitter (27 January 2009)
• Bogus LinkedIn profiles punt malware to fools (6 January 2009)
• Fake Vint Cerf tweets link spam on Twitter (10 December 2008)
• Twitter silenced in Canada (27 November 2008)
• Telco 2.0 Company That Can't Be Named slams critics (11 November 2008)
• Twitter falls silent in the UK (14 August 2008)
• Twitter Trojan targets tossers (5 August 2008)
• Orkut worm feeds on scraps (29 February 2008)