« Spammers crack Gmail Captcha | Main | ActiveX Vulnerability Pwns MySpace, Facebook users »

Orkut Worm v2.0

"The Scrapkut worm uses active code injection to spread between victims and their friends on Orkut. The malicious code appears on a victim’s scrapbook, containing a link to a supposed YouTube video.

People who click on the link are redirected to an external site hosting malware that's disguised as a Flash upgrade. Users duped into installing the software get malicious Javascript code injected into their next active Orkut web session. This malicious scrapbook entry is then sent to all the victims' friends, recommencing the infection cycle.

An analysis by Symantec can be found here."

Article Link: http://www.theregister.co.uk/2008/02/29/orkut_worm_reloaded/

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.


All Comments are Moderated and will be delayed!