Orkut network hit by new spam campaign

Google's Orkut network has been hit by a new spam campaign.

 

Websense security labs ThreatSeeker network has identified a social engineering spam campaign with messages disguised as having come from Google's Web 2.0 social networking site.

 

A message is sent from a user claiming to be from the Orkut network, it is in Portuguese and the message claims to be seeking love. Websense previously warned of a new wave of spam which claims to be from Orkut, one of the most popular social networking sites in Latin America and the second most visited site in India.

 

The message contains several links that appear to lead to the official Orkut website. Clicking on a link actually leads to a malicious executable file, which is a Trojan downloader named ‘imagem.exe'.

 

The malicious file opens the legitimate Orkut network login page, and in the background downloads a password stealing Trojan named ‘msn.exe' that is copied to various system locations, using different names: ‘plugin.exe' and ‘kss.exe'. These copies are bound to the system's start up. 

Websense said that the Trojans in this attack are hosted on a compromised labour union website from southern Brazil. It claimed that this attack is another instance of such tactics, an ongoing trend increasingly targeting Web 2.0 sites to carry out a wide range of attacks.

 

Sign up to our newsletters