Self-replicating Trojan Hits Google’s Orkut

Researchers at the security company Symantec have reported that hackers are exploiting Google's social networking site Orkut to infect users' computers with a self-propagated Trojan, as reported by SC MAGZINE on February 26, 2008.

According to the security researchers, the Trojan spreads its infection by attacking those systems that are included in the Orkut users' list of friends. There, it downloads more malicious software in the attacking process. Symantec thinks that the cyber crook could inject yet another malicious payload next time.

Javier Santoyo, Senior Manager of Emerging Technologies, Symantec, said that previously, people encountered infected links embedded on social networking Websites but use of such sites to deliver a self-propagating worm is seen for the first time, as reported by SCMagazineUS on February 26, 2008.

Santoyo said that the infection from the Orkut starts when a person clicks an Orkut user's 'scrap' message that contains malicious link. On pressing enter for the Flash-like picture, the user is redirected to a malware-hosting Website containing a JavaScript code, which further dispatches malicious 'scrap' notes to all of the other users on the victim's buddy list.

Symantec researchers further said that the scrap utilizes Google domain links that help to avoid validation by Google's CAPTCHA, a scrambled distorted character code that Web operators use to prevent automatic introduction of data into different Web forms.

According to researchers, the interesting part of the attack relates to the worm employing a request of redirection URL from a Google video film to point to the sinister site and get past the CAPTCHA validation.

With regard to the Portuguese language pop-up screen, Symantec found that it encourages the Orkut user to execute a Flash Player file, for instance, Instal_flash_player9.7.0.exe. But , in reality, the crafty URL loads the Trojan onto the system of the user.

Since the pop-up message is in Portuguese language, the infection appears to be limited to Brazil and some India-based computers. But, as the security threat itself uses a unique technique, it is important for people to know that the messages they receive from known people on sites for social networking might not necessarily be postings from them, researchers said.

Related article: Self-Changing malware Keeps Criminals Ahead of Protection Software

» SPAMfighter News - 3/6/2008