Orkut worm feeds on scraps
PrintFrom social networking to social engineering
Posted in Software & Security, 29th February 2008 23:21 GMT
Free whitepaper – What Exchange can't do - and Dell can
Malware authors have written a worm for Orkut, Google-owned networking site that's big in Brazil.
The Scrapkut worm uses active code injection to spread between victims and their friends on Orkut. The malicious code appears on a victim’s scrapbook, containing a link to a supposed YouTube video.
People who click on the link are redirected to an external site hosting malware that's disguised as a Flash upgrade. Users duped into installing the software get malicious Javascript code injected into their next active Orkut web session. This malicious scrapbook entry is then sent to all the victims' friends, recommencing the infection cycle.
An analysis by Symantec can be found here.
Judging by the counter on a web page associated with the malware (not the most reliable of indicators) about 13,000 users are already infected by the Scrapkut worm, which isn't - for now - doing anything particularly nasty other than spreading.
By contrast an earlier worm that spread across the Orkut network last December infected an estimated 655,000 people. Google plugged the cross-site scripting (XSS) error that made the attack possible hours later, thwarting tfurther propagation of that fast-spreading worm. ®
Free whitepaper – Managing desktop software for fun and profit
The Register Agile Data Center Summit
Straight Talk with Dell: Sending out an SaaS
Seven ways to optimize VMware server virtualization
Automating the Acquisition Process with Enterprise Level CRM
Sign up, sign up for The Register IT security newsletter
Microsoft's Windows 7 price gamble - and why it's flawed
Managing Desktop Software for fun and profit
Intel's flash new SSDs hit by bugs