Fake Twitter profile punts Orkut attack

Tainted tweets target twits

Miscreants are using a fake Twitter profile in a bid to spread malware that harvests login credentials for Orkut.

Updates to the fake Twitter profile are supposedly being followed by 17 punters, but they're all fake, according to Chris Boyd, director of malware research at IM security firm Facetime.

Twittery Trojan

The profile is designed to trick would-be marks into viewing a photo album on Orkut, which supposedly requires a Flash update to view. This bogus Flash update is contaminated by malware, specifically the OrkutTron Trojan.

OrkutTron performs a variety of malicious actions including an attempt to snaffle login credentials for Orkut, the Google-run social networking site that's particularly big in Brazil. Fitting in with this theme, the fake Twitter profile is written in Portuguese.

Attacks targeting Orkut are relatively commonplace, but as Boyd notes, the use of Twitter represents an innovation in such hacking attacks. ®

Sponsored: 5 critical considerations for enterprise cloud backup