News Stay informed about the latest enterprise technology news and product updates.

New worm working its way through Google’s Orkut

Social networking sites, which are as popular as Nickelback and even more annoying, have become favorite playgrounds for malware authors and attackers. We’ve seen attacks using both Facebook and MySpace as a launching pad in recent months, and now it’s Orkut’s turn again. Orkut is Google’s homegrown social networking platform and Symantec researchers have discovered a new worm that is spreading through Orkut by using malicious “scraps” to infect users’ machines. Scraps are graphics and other pieces of content that users employ to communicate with their friends on the site.

The new worm that Symantec is monitoring sends a malicious scrap to all of the people in an infected user’s address book, asking them to click on an image that is supposedly a Flash movie. But, of course, one the user clicks on the link, he is redirected to a malicious site that proceeds to install a number of separate pieces of malware on his machine. The different threats are downloaded from several different domains, and the worm has a couple of other interesting capabilities.

What is interesting in this attack is a redirection URL used to fool Orkut. Orkut shows a CAPTCHA image for human validation whenever any user posts a scrap containing a link and an image. However, CAPTCHA is not used if the URL and image both come from any of the Google domains. This worm uses a redirected URL request from Google video to redirect to the malicious website and escape the CAPTCHA checks.

If you haven’t already blocked access to social networking sites on your network, now might be the time to do it. There’s not much of a legitimate business case to be made for using Facebook or Orkut at work and it looks like attackers have begun to turn their attention to these sites as an easy way to infect large numbers of PCs in a short amount of time.

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Truly Said... there are many malicious scraps flooding orkut which are mostly in portugese and many of which loo like windows media player but actually are pics which redirect same scrap t all and the clicker to another site...
Thanks for Informaiton on This Worm and captcha
I also faced same situation....... I got a scrap from one of my friends...saying that has added me as her best friend in her profile. when I clicked that link, it redirected me to my own profile. and some days later, i found that many non-sense communities have been added in my profile.....I un-joined them.....