Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Self-replicating Trojan Hits Google’s Orkut

Researchers at the security company Symantec have reported that hackers are exploiting Google's social networking site Orkut to infect users' computers with a self-propagated Trojan, as reported by SC MAGZINE on February 26, 2008.

According to the security researchers, the Trojan spreads its infection by attacking those systems that are included in the Orkut users' list of friends. There, it downloads more malicious software in the attacking process. Symantec thinks that the cyber crook could inject yet another malicious payload next time.

Javier Santoyo, Senior Manager of Emerging Technologies, Symantec, said that previously, people encountered infected links embedded on social networking Websites but use of such sites to deliver a self-propagating worm is seen for the first time, as reported by SCMagazineUS on February 26, 2008.

Santoyo said that the infection from the Orkut starts when a person clicks an Orkut user's 'scrap' message that contains malicious link. On pressing enter for the Flash-like picture, the user is redirected to a malware-hosting Website containing a JavaScript code, which further dispatches malicious 'scrap' notes to all of the other users on the victim's buddy list.

Symantec researchers further said that the scrap utilizes Google domain links that help to avoid validation by Google's CAPTCHA, a scrambled distorted character code that Web operators use to prevent automatic introduction of data into different Web forms.

According to researchers, the interesting part of the attack relates to the worm employing a request of redirection URL from a Google video film to point to the sinister site and get past the CAPTCHA validation.

With regard to the Portuguese language pop-up screen, Symantec found that it encourages the Orkut user to execute a Flash Player file, for instance, Instal_flash_player9.7.0.exe. But , in reality, the crafty URL loads the Trojan onto the system of the user.

Since the pop-up message is in Portuguese language, the infection appears to be limited to Brazil and some India-based computers. But, as the security threat itself uses a unique technique, it is important for people to know that the messages they receive from known people on sites for social networking might not necessarily be postings from them, researchers said.

Related article: Self-Changing malware Keeps Criminals Ahead of Protection Software

» SPAMfighter News - 3/6/2008

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page