Google’s Orkut Hit by Data Stealing Worm – Mw.Orc


So just a few days about there was a new MSN Worm – BlackAngel.B, before that the Yahoo! e-mail worm, long before that of course the MySpace worm and a few others not notable enough to mention.

And of course plenty of nasty Trojans.

A new Internet worm capable of stealing bank details and other personal data from users is circulating via Orkut, Google Inc.’s social networking service, a computer security company warned on Monday.

Instant-messaging service provider FaceTime Communications said its software security lab had detected the spread of the electronic virus, the third such threat to disseminate itself via messages posted on Orkut users personal Web pages.

Google’s service, while available globally, is wildly popular among Brazilians which make up the bulk of its users.

The malicious program, dubbed by FaceTime as “MW.Orc,” works its way onto users’ personal computers when they click on infected links on Orkut scrapbook pages. The link is followed by a message in Portuguese that entices the user to click.

It seems this is not the first time Orkut has been hit, this one however goes after personal details of a more valuable nature.

Once the link is activated, a file is uploaded to the PC, according to a description of how the worm works contained in a statement by the Foster City, California-based company.

When infected Orkut users using Microsoft Corp.’s widely used Windows XP operating system to find personal files on their PCs through their “My Computer” icon, that triggers an e-mail back to the creator of MW.Orc creator filled with personal information stored on the PC, FaceTime said.

The earlier attempt seemed to be more of a phishing affair.

The new threat to Orkut follows an earlier worm, Banker-BWD, which was uncovered by Sophos, an anti-virus company.

That malicious software also disseminated itself through Orkut’s scrapbook pages, but automatically transferred the victims to fake Web pages of banks in order to entice the users to enter personal data that can then be stolen by the hackers.

People are getting pretty handy with all this HTML worm business, I’m impressed.

Source: Reuters

Posted in: Malware, Web Hacking

, , , , ,


Latest Posts:


truffleHog - Search Git for High Entropy Strings with Commit History truffleHog – Search Git for High Entropy Strings with Commit History
truffleHog is a Python-based tool to search Git for high entropy strings, digging deep into commit history and branches. This is effective at finding secrets accidentally committed.
AIEngine - AI-driven Network Intrusion Detection System AIEngine – AI-driven Network Intrusion Detection System
AIEngine is a next-generation interactive/programmable Python/Ruby/Java/Lua and Go AI-driven Network Intrusion Detection System engine with many capabilities.
Sooty - SOC Analyst All-In-One CLI Tool Sooty – SOC Analyst All-In-One CLI Tool
Sooty is a tool developed with the task of aiding a SOC analyst to automate parts of their workflow and speed up their process.
UBoat - Proof Of Concept PoC HTTP Botnet Project UBoat – Proof Of Concept PoC HTTP Botnet Project
UBoat is a PoC HTTP Botnet designed to replicate a full weaponised commercial botnet like the famous large scale infectors Festi, Grum, Zeus and SpyEye.
LambdaGuard - AWS Lambda Serverless Security Scanner LambdaGuard – AWS Lambda Serverless Security Scanner
LambdaGuard is a tool which allows you to visualise and audit the security of your serverless assets, an open-source AWS Lambda Serverless Security Scanner.
exe2powershell - Convert EXE to BAT Files exe2powershell – Convert EXE to BAT Files
exe2powershell is used to convert EXE to BAT files, the previously well known tool for this was exe2bat, this is a version for modern Windows.


3 Responses to Google’s Orkut Hit by Data Stealing Worm – Mw.Orc

  1. saqib khan July 14, 2006 at 10:11 pm #

    pls send me orkut hacking tool or trick ya tips….pls pls its urgent

  2. muzammil ashraf August 9, 2006 at 8:17 am #

    pls send me orkut hacking tool or trick ya tips….plz its urgent

  3. ur father August 14, 2006 at 9:03 am #

    fuck u both dont u know u should not post ur email on net like this ass hole pakistani