FaceTime Security Labs announced the discovery of a worm that steals users' banking details, usernames and passwords. The worm, known as MW.Orc, is propagating through Orkut, Google's social networking site, as users launch an executable file disguised as a JPEG. Google has a temporary fix in place and encourages Orkut users not to open suspicious files. "Sometimes there is a false sense of security and trust that an end user has in a 'gated' community such as Orkut. This is similar to what we see happening in instant messaging," said Chris Boyd, security research manager for FaceTime Security Labs, and globally-recognized Internet security expert.
The initial executable file that causes the infection installs two additional files on the user's computer. These then e-mail banking details and passwords to the worm's anonymous creator when infected users click on the "My Computer" icon. The infection spreads automatically by posting a URL in another user's Orkut Scrapbook, a guestbook where visitors can leave comments visible on the user's page. This link lures visitors with a message in Portuguese, falsely claiming to offer additional photos. The message text that carries an infection link can vary from case to case. Orkut is popular among Brazilian Internet users.
In addition to stealing personal information, the malware can also enable a remote user to control the PC and make it part of a botnet, a network of infected PCs controlled by a hacker. The botnet in this case uses an infected PC's bandwidth to distribute large, pirated movie files, potentially slowing down an end-user's connection speed.
print
save
email
comment
Copyright @ 2004 Software & Support Media
Powered By Media Teknologi Informasi Corp.
Privacy PolicyTerms of Use
