Thursday, December 4, 2008

Orkut being used to spread Trojans

The Net has a long history of hoaxes, and many of the "best" seem to involve dire warnings of virus attacks that simply don't exist. But this time, it's different. It is time for another thrilling adventure into the world of security threats. Apparently, Orkut is on a hacker's list. It is one of the most popular social networking sites in Latin America and the second most visited site in India.

Security Research firm Websense has released an alert notifying the general public that some people are using Orkut to spread Trojan links in messages disguised as official email from Orkut. This campaign is another attempt by spammers to profit from popular Web 2.0 services and seems to be a continued attack targeting Orkut.

Another method: an Orkut user gets a random message in Portuguese from a spooky Orkut member looking for a hook-up, who persuades the user to click on the given link. Clicking on the link actually leads to a malicious executable file, which is a Trojan Downloader named "imagem.exe" (SHA1: 6862b862877e5cb9f2180cc53ee4338977bc0efb). This subsequently opens the Orkut login page while a password-stealing Trojan called "msn.exe" (SHA1: eee7ea71e6ce023fb9000ed75854a8cfd1fafe63) is downloaded in the background. "msn.exe" is copied to various system locations, using different names: "plugin.exe", "kss.exe". These copies are bound to the system's startup. The Trojans are hosted on a compromised labour-union web site from southern Brazil, according to Websense. This continues the trend of malicious code hosted on compromised Web sites. Google is said to be investigating the issue at the moment.

The Trojan then opens up the Orkut login page and provides access to the user's ID; you can imagine the extent of damage wrought by this. The best thing to do: delete such strange messages as soon as you receive them and do not click on them.
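
A defender's sweep for the indicators named in the post, as an added example that is not part of the original article: it hashes every .exe under a directory and compares the result with the two SHA-1 values, falling back to a low-confidence match on the four file names. The function names and the "high"/"low" labels are assumptions of this example.

```python
import hashlib
import os

# SHA-1 values and file names exactly as given in the post above.
HASH_IOCS = {
    "6862b862877e5cb9f2180cc53ee4338977bc0efb": "imagem.exe (Trojan downloader)",
    "eee7ea71e6ce023fb9000ed75854a8cfd1fafe63": "msn.exe (password stealer)",
}
NAME_IOCS = {"imagem.exe", "msn.exe", "plugin.exe", "kss.exe"}


def sha1_of(path, chunk=1 << 16):
    """Hash a file in chunks so large binaries are not read into memory."""
    h = hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep(root, hash_iocs=HASH_IOCS, name_iocs=NAME_IOCS):
    """Return (path, confidence, detail) for every .exe under root that matches."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".exe"):
                continue
            path = os.path.join(dirpath, name)
            try:
                digest = sha1_of(path)
            except OSError:
                continue  # locked or unreadable file: skip, do not abort the sweep
            if digest in hash_iocs:
                # A hash match identifies the sample even if it was renamed.
                findings.append((path, "high", hash_iocs[digest]))
            elif name.lower() in name_iocs:
                # Name-only match: an unrelated file can share the name, so review it.
                findings.append((path, "low", "name matches " + name.lower()))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    for path, confidence, detail in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"[{confidence}] {path}: {detail}")
```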
