First trojans on page creator, now worms in Orkut.
Hackers are trying to steal Orkut users’ bank account information by inserting an automated information theft worm, according to security researchers. The worm, known as MW.Orc, is propagating through Orkut when users launch an executable file disguised as a JPEG.
Google has a temporary fix in place and encourages Orkut users not to open suspicious files.
“We are aware of this issue and have a temporary fix in place. We are working on a more permanent solution for users to guard against these malicious efforts,” said a representative from Google in a response emailed to Google Watch.
The email continued: “Orkut users and users of all online services and applications should always be careful when opening or clicking on anything suspicious.”
Guess that goes for child porn, too.
According to FaceTime Security Labs, the worm’s original .exe file installs two additional files on a users’ computer. Those files then copy the users’ banking logon information if the user navigates to one of several predefined banking sites.
The worm also spreads automatically by posting a URL in another user’s Orkut Scrapbook.
Read more about the worm on the security posting here.
An image of a typical Brazilian banking site appears below, courtesy Vitalsecurity.org.
In other Google hacking news, Google Page Creator was the target of an attack by hackers this weekend. Security firm Websense warned on Friday that a trojan was being hosted on a Google-related site.
Google has since removed the pages, and they’re working on preventing malicious code uploads in the future.