From http://money.cnn.com/2006/06/19/technology/google_orkut.reut

Internet virus, which is circulating social networking site, is capable to
stealing bank information and other personal data, according to security
firm.

June 19, 2006: 6:22 PM EDT

SAO PAULO, Brazil (Reuters) - A new Internet worm capable of stealing bank
details and other personal data from users is circulating via Orkut, Google
Inc.'s social networking service, a computer security company warned Monday.

Instant-messaging service provider FaceTime Communications said its software
security lab had detected the spread of the electronic virus, the third such
threat to disseminate itself via messages posted on Orkut users personal Web
pages.
 
Google's service, while available globally, is wildly popular among
Brazilians which make up the bulk of its users.

The malicious program, dubbed by FaceTime as "MW.Orc," works its way onto
users' personal computers when they click on infected links on Orkut
scrapbook pages. The link is followed by a message in Portuguese that
entices the user to click.

Once the link is activated, a file is uploaded to the PC, according to a
description of how the worm works contained in a statement by the Foster
City, California-based company.

When infected Orkut users using Microsoft Corp.'s (Charts) widely used
Windows XP operating system to find personal files on their PCs through
their "My Computer" icon, that triggers an e-mail back to the creator of
MW.Orc creator filled with personal information stored on the PC, FaceTime
said.

The new threat to Orkut follows an earlier worm, Banker-BWD, which was
uncovered by Sophos, an anti-virus company.

That malicious software also disseminated itself through Orkut's scrapbook
pages, but automatically transferred the victims to fake Web pages of banks
in order to entice the users to enter personal data that can then be stolen
by the hackers.

Orkut has around 21.1 million users, 68.56 percent of whom identify
themselves as Brazilians, 12.26 percent as living in the United States and
5.32, who say they live in India.

According to the Brazilian Banks Federation (Febraban), the use of Internet
banking services by Brazilians jumped 45.3 percent 26.3 million in 2005 over
2004, representing a major portion of all online users in South America's
largest nation.

Estimates from Brazilian Internet industry are that Brazil has around 31
million Web surfers.

In a statement, Google said that "Orkut.com users and users of all online
services and applications should always be careful when opening or clicking
on anything suspicious."

Google said that it is "aware of this issue and will have a temporary fix in
place. "We are working on a more permanent solution for users to guard
against these malicious efforts," the company said.

In recent days, Orkut has published an alert on scrapbook pages, which warns
users to be careful when opening links sent by unknown users of Orkut and to
avoid clicking on links to pages outside of Orkut's own domain.

Information about these threats are located on our VIL at: 

PWS-Banker!1d2e (http://vil.nai.com/vil/content/v_139983.htm)
Downloader-AWV.dr (http://vil.nai.com/vil/content/v_139979.htm)

Detection
The threats were first discovered on the following dates:

PWS-Banker!1d2e (June 13, 2006)
Downloader-AWV.dr (June 20, 2006)

The following threats can be detected with the current Dats:

PWS-Banker!1d2e is proactively detected as PWS-Banker in the 4784 dat files
(Release Date: June 13, 2006)
Downloader-AWV.dr is detected in the 4787 dat files (Release Date: June 19,
2006)

To stay updated and protected download the latest dat files from
http://www.mcafee.com/us/downloads/index.html

If you suspect you have the above threats, please submit a sample to
<http://www.webimmune.net>


Mike Grant
Bytware, Inc.
775-851-2900 

http://www.bytware.com


CONFIDENTIALITY NOTICE:  This e-mail message and any attachment to this e-mail 
message contain information that may be privileged and confidential.  This 
e-mail and any attachments are intended solely for the use of the individual or 
entity named above (the recipient) and may not be forwarded to or shared with 
any third party.  If you are not the intended recipient and have received this 
e-mail in error, please notify us by return e-mail or by telephone at 
775-851-2900 and delete this message.  This notice is automatically appended to 
each e-mail message leaving Bytware, Inc.  



As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.