The Register® — Biting the hand that feeds IT

Fake Twitter profile punts Orkut attack

Tainted tweets target twits

Miscreants are using a fake Twitter profile in a bid to spread malware that harvests login credentials for Orkut.

Updates to the fake Twitter profile are supposedly being followed by 17 punters, but they're all fake, according to Chris Boyd, director of malware research at IM security firm Facetime.

Twittery Trojan

The profile is designed to trick would-be marks into viewing a photo album on Orkut, which supposedly requires a Flash update to view. This bogus Flash update is contaminated by malware, specifically the OrkutTron Trojan.

OrkutTron performs a variety of malicious actions including an attempt to snaffle login credentials for Orkut, the Google-run social networking site that's particularly big in Brazil. Fitting in with this theme, the fake Twitter profile is written in Portuguese.

Attacks targeting Orkut are relatively commonplace, but as Boyd notes, the use of Twitter represents an innovation in such hacking attacks. ®

Latest Comments
Anonymous Coward

<no title>

That's the problem with the current system. One is often told one needs to update some thing or other, and it is all too easy to assume the suggestion is legit :-( What is needed instead is a warning that your system isn't up to date and the URL of the official site to go for the update, if desired. At least that gives one a chance to spot dodgy looking URLs.


famous!

Woo! This just in from McAfee

Notice

This is a Low-Profiled Threat Notice for PWS-Banker

Justification

PWS-Banker has been deemed Low-Profiled due to media attention at http://www.theregister.co.uk/2008/09/09/twitter_orkut_attack/.

PWS-Banker is referred to as the "OrkutTron Trojan" in article at theregister.co.uk.

Read About It

Information about PWS-Banker is located on VIL at: http://vil.nai.com/vil/content/v_124984.htm

Detection

PWS-Banker was first discovered on June 6, 2004 and detection, for this particular variant, was added to the 5156 dat files (Release Date: November 5, 2007).

If you suspect you have PWS-Banker, please submit a sample to http://www.webimmune.net

Risk Assessment Definition

For further information on the Risk Assessment and Avert Labs Recommended Actions please see: <http://www.mcafee.com/us/threat_center/outbreaks/virus_library/risk_assessment.html>

For breaking security information from McAfee® Avert® Labs visit:

McAfee Avert Labs Blog

http://www.avertlabs.com/research/blog

AudioParasitics - The Official PodCast of McAfee Avert Labs

http://podcasts.mcafee.com/audioparasitics

Sign up for McAfee® Avert® Labs Security Advisories

http://www.mcafee.com/us/threat_center/securityadvisory/signup.aspx


Tainted tweets target twits

+1 bestest byline ever

