Data-thieving worm targets Orkut users

Portuguese-speaking users of Google's social-networking site are especially at risk from a worm that aims to steal banking data.

Joris Evers, Staff Writer, CNET News.com

A new worm that attempts to steal online banking credentials is propagating on Google's social-networking Web site, a security company warned Friday.

The worm, dubbed MW.Orc, primarily targets Brazilian users of Google's Orkut Web site. It uses a message in Portuguese to entice people to click on a file that is disguised as a JPEG image, FaceTime Security Labs said in a statement.

The initial file, called "minhasfotos.exe," creates two additional files on a user's system, "winlogon_.jpg" and "wzip32.exe," FaceTime said. When the user, after the initial compromise, clicks on the "My Computer" icon in Windows XP, an e-mail with his or her personal data is sent to the anonymous attacker, the security company said.

Additionally, the compromised computer may be added to a network of hijacked PCs, known as a botnet. The pest also tries to propagate by placing a malicious link on the profiles of people in the Orkut user's network, FaceTime said.

Google confirmed the worm. "We are aware of this issue and will have a temporary fix in place within the hour," a company representative said in an e-mailed statement. "We are working on a more permanent solution for users to guard against these malicious efforts."

For their protection, Orkut users, like users of all online services and applications, should always be careful when opening or clicking on anything suspicious, the Google representative said.

Earlier this week, a worm hit Yahoo's popular online e-mail service.

Brazilian consumers make up about 70 percent of Orkut's entire user base, according to Google data. The Orkut worm is believed to be targeting Brazilian users in an attempt to steal credentials for Brazilian banks.