By John E. Dunn
19 June 2006
An automated information theft worm has been discovered spreading
through Google's social networking website, Orkut.
Using a URL as the lure, MW.Orc installs itself in an Orkut scrapbook,
a public guestbook where visitors can leave comments or links.
Infection follows for anyone clicking on this, after which it attempts
to steal banking user names and passwords in trusted phishing style,
should such services be accessed.
The worm also gives criminals the potential to use the infected PC as
a bot for the distribution of pirated movie files.
Written in Portuguese, the link is believed to be designed to hook
Brazilians, the main users of the system. Google is said to have come
up with a temporary patch to stop its activities, although a posting
by FaceTime Security Labs' researchers on blog.spywareguide states
that the worm has been causing problems for some time.
"The idea of problems behind "gated" communities is a pretty
interesting one, even more so when the idea regularly rolls around
that segregating various parts of the Internet to "keep the bad guys
out" would be a great idea. But what happens when those bad-guys are
already inside the gates?," the blog entry continues.
"Sometimes there is a false sense of security and trust that an end
user has in a "gated" community such as Orkut. This is similar to what
we see happening in instant messaging," was the official comment from
FaceTime's Chris Boyd.
A relatively obscure part of the Google empire, the invitation-only
Orkut is said to have been named after its creator, Google employee
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.