Data-Theft Worm Targets Google’s Orkut

A new type of malware is targeting users inside the community, stealing their login details for online banking sites, dumping them into a botnet and trying to spread automatically via their “scrapbooks”. Some infections even cause your PC to start serving copyrighted material via IRC. There are screenshots and a movie file of the infection mailing home the data, which is pretty interesting.

ADDENDUM: A startling event was discovered during extended testing on an infected machine, which was infected in a lab setting on the 13th of June. The link to the dangerous payload was propagated on the 16th… however, the infection message is timestamped as having been sent on the 14th of June.

ADDENDUM 2: Apparently Google engineers are in contact with the spyware researchers right now to help fix this problem; hopefully we will hear from them soon about their progress.

ADDENDUM 3: Google confirmed the worm. “We are aware of this issue and will have a temporary fix in place within the hour,” a company representative said in an e-mailed statement. “We are working on a more permanent solution for users to guard against these malicious efforts.” You go Google. adds,

The initial file, called “minhasfotos.exe,” creates two additional files on a user’s system, “winlogon_.jpg” and “wzip32.exe,” FaceTime said. When the user, after the initial compromise, clicks on the “My Computer” icon in Windows XP, an e-mail with his or her personal data is sent to the anonymous attacker, the security company said.

Additionally, the compromised computer may be added to a network of hijacked PCs, known as a botnet. The pest also tries to propagate by placing a malicious link on the profiles of people in the Orkut user’s network, FaceTime said. Source:

