Another worm burrows through Orkut

Social networking site Orkut has fallen victim to a worm called W32.Scrapkut. Malware authors are increasingly targeting social networks; Orkut, owned by Google, was affected last December and a worm penetrated Facebook in January.

Advertisement

Scrapkut is is spreading the network rapidy, assisted by users, whose actions are needed for the worm to propagate. In their scrapbooks, users find a message that apparently links to a YouTube video. But when the link is clicked, the user is prompted in Portugese to install a supposed codec called "flashx_player_9.8.0.exe". The dummy codec installs several files. One of them replicates the dummy video message to that user's contacts. Symantec has published a detailed description.

Symantec's Javier Santoyo says that worms that spread directly through social networks are extremely dangerous because users still do not fully understand that a message from within the network may not necessarily be authentic. Therefore, the same rules apply as with normal emails: recipients should not click on links, but rather enter the URL displayed directly in their browser. Apparently, W32.Scrapkut has fooled one of Orkut's protection mechanisms by forwarding users from a website at Google video to another carrying malicious software.

(mba)