Sunday, July 16, 2006

The Orkut virus - Infostealer.Orcu





Orkut has become a major social networking portal . It is so cool and so addictive ... But there are hidden dangers everywhere . . .
Recently u might have noticed that the hyperlinking feature has been modified . . . That was done to prevent phishing ( hackers stealing ur data - Just use the google search on my sidebar to read up on it )

A recent virus attack was by Infostealer.Orcu

Here is how the scrap will look like.
“Opa, tudo bom? Eu criei um vídeo com uma seleção de minhas fotos
novas, clica aí pra ver - h t t p :// y e p . i t / ? i k s t t v -
Estão
bem legais!!! “

What should you do?
Simply delete the scrap! As simple as that..

How does it spread?

It spreads through infected contacts. An orkut account gets infected
once you click on the link. The Trojan posts a message in your all your
friend's scrapbook area of the Orkut system. The message text is chosen
by the attacker and can be a random sentence written in Brazilian
Portuguese, such as the following:

Message example 1:
Opa, tudo bom? Eu criei um video com uma selecao de minhas fotos novas,
clica ai pra ver - ( suspicious link ) - Esta bem legais!!!

Message example 2:
Oi... tudo bom? Como o orkut limita a quantidade de fotos que podem ser
publicadas na minha conta, eu criei um slide com algumas fotos minhas,
pra ver e so clicar clicar no link!!! ( suspicious link ) - Sei que vai
gostar

If anyone click on the link, it redirects u to the virus URL & asks u to download an .exe file , which is a
copy of Infostealer.Orcu.

When Inforstealer.Orcu runs on a computer, it infects the computer u use and uses your orkut account to scrap everyone in your friends list with the malicious scrap, starting from the first name that comes when u view freinds (at that particular time - the list order changes after some time )

The message is in Portuguese and means :

Opa, all good one? I created a video with an collection of my photos new,click for to see there -( suspicious link ) - I am well legal!

Name of the Trojan:
Infostealer.Orcu

Norton’s Description:
Infostealer.Orcu is a Trojan horse that attempts
to steal confidential information, such as bank and Paypal accounts. It
may arrive as a message spammed across the Orkut network.

Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me,
Windows NT, Windows Server 2003, Windows XP


Don't click on any strange links in ur scrapbook ... especially if it asks u to download or run some file

5 comments:

Anonymous said...

it is a useful warning and u seem t6o have done ur homework well..good job

Anonymous said...

Thankc alot due it rally helped me out .. some Idiot was trying this on me.
Thankx Again

Anonymous said...

Just a comment... The translation of the Portuguese sentences are:

Message example 1:
Opa, tudo bom? Eu criei um video com uma selecao de minhas fotos novas,
clica ai pra ver - ( suspicious link ) - Estao bem legais!!!

Translation:
Hi, how is it going ? I´ve created a video with a selection of my new photos. [ link ] It is pretty cool !!!

Message example 2:
Oi... tudo bom? Como o orkut limita a quantidade de fotos que podem ser
publicadas na minha conta, eu criei um slide com algumas fotos minhas,
pra ver e so clicar clicar no link!!! ( suspicious link ) - Sei que vai
gostar

Translation
Hi, how is it going ? Since Orkut limits the number of pictures in Photo Album, I´ve created a slide show with my pictures. Click the link to see. [ Link ] I know you will like it !

John Davis said...

#1 No problem ...
#2 U r welcome ... But the person who sent it to you may not know that his computer is infected.
Send him this link to remove the virus.


Thanks for the translation.

Remove Orkut virus "Opa, tudo bom? .." (http://johndasfundas.blogspot.com/2006/07/how-to-remove-orcu-virus.html)

Anonymous said...

I have a weird sort of infection on my computer! Its similar to the one u mentioned but its on msn! automatically when i open a chat window the below text is sent

Ei atualizei meu album de fotos no ORKUT :P
[link]
Passa la eh deixa um Scrap... :P

Can u kindly help me with this?

© FunDa of www.FunDaZone.com
Subscribe to these websites at
FunDaZone.Com RSS feed


More tips and tricks for softwares and websites !!!

RSS syndication