Fake Twitter profile punts Orkut attack
Tainted tweets target twits
Regcast training : Hyper-V 3.0, VM high availability and disaster recovery
Miscreants are using a fake Twitter profile in a bid to spread malware that harvests login credentials for Orkut.
Updates to the fake Twitter profile are supposedly being followed by 17 punters, but they're all fake, according to Chris Boyd, director of malware research at IM security firm Facetime.
Twittery Trojan
The profile is designed to trick would-be marks into viewing a photo album on Orkut, which supposedly requires a Flash update to view. This bogus Flash update is contaminated by malware, specifically the OrkutTron Trojan.
OrkutTron performs a variety of malicious actions including an attempt to snaffle login credentials for Orkut, the Google-run social networking site that's particularly big in Brazil. Fitting in with this theme, the fake Twitter profile is written in Portuguese.
Attacks targeting Orkut are relatively commonplace, but as Boyd notes, the use of Twitter represents an innovation in such hacking attacks. ®
COMMENTS
<no title>
That's the problem with the current system. One is often told one needs to update some thing or other, and it is all too easy to assume the suggestion is legit :-( What is needed instead is a warning that your system isn't up to date and the URL of the official site to go for the update, if desired. At least that gives one a chance to spot dodgy looking URLs.
famous!
Woo! This just in from McAfee
Notice
This is a Low-Profiled Threat Notice for PWS-Banker
Justification
PWS-Banker has been deemed Low-Profiled due to media attention at http://www.theregister.co.uk/2008/09/09/twitter_orkut_attack/.
PWS-Banker is referred to as the "OrkutTron Trojan" in article at theregister.co.uk.
Read About It
Information about PWS-Banker is located on VIL at: http://vil.nai.com/vil/content/v_124984.htm
Detection
PWS-Banker was first discovered on June 6, 2004 and detection, for this particular variant, was added to the 5156 dat files (Release Date: November 5, 2007).
If you suspect you have PWS-Banker, please submit a sample to http://www.webimmune.net
Risk Assessment Definition
For further information on the Risk Assessment and Avert Labs Recommended Actions please see: <http://www.mcafee.com/us/threat_center/outbreaks/virus_library/risk_assessment.html>
For breaking security information from McAfee® Avert® Labs visit:
McAfee Avert Labs Blog
http://www.avertlabs.com/research/blog
AudioParasitics - The Official PodCast of McAfee Avert Labs
http://podcasts.mcafee.com/audioparasitics
Sign up for McAfee® Avert® Labs Security Advisories
http://www.mcafee.com/us/threat_center/securityadvisory/signup.aspx
IT infrastructure monitoring strategies
Agentless Backup is Not a Myth
Top 10 SIEM implementer’s checklist
Steps to Take Before Choosing a Business Continuity Partner
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
