Security firm: Google's Orkut being used to spread Trojans

Spam message on Orkut is disguised as an official e-mail from the social-networking site, but the links in the message lead to Trojans, Websense says.

Someone is using Orkut to spread Trojan links in a message disguised as an official e-mail from the Google-owned social network, according to an alert from security firm Websense released Tuesday.

The message, written in Portuguese to appeal to Orkut's many Brazilian members, looks like it is sent from an Orkut member who is looking for love, Websense says.

"The message contains several links that appear to lead to the official Orkut Web site. Clicking on a link actually leads to a malicious executable file, which is a Trojan Downloader named 'imagem.exe,'" the Websense alert says. "The malicious file opens the legitimate Orkut network log-in page, and in the background downloads a password stealing Trojan named 'msn.exe.'"

The Trojans are hosted on a compromised labor union Web site from southern Brazil, according to Websense.

A Google spokesman said the company was investigating the matter.

Featured Video
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

Toshiba's Radius 12 is a stunning hybrid laptop with some comfort issues

It seems speedy and it has a beautiful screen, but the Toshiba Satellite Radius 12 might not be worth your money. CNET's Sean Hollister goes hands-on.

by Sean Hollister