The malicious software poses as a JPEG

Jun 17, 2006 11:38 GMT

The online community of Orkut, Google's social networking site, was targeted by a worm meant to extract online banking credentials from users' computers. And because 70% of all Orkut members are Portuguese-speaking Brazilians, the MW.Orc worm addresses them in their native language.

FaceTime Security Labs has issued a warning that describes how the worm operates. MW.Orc displays a message in Portuguese to convince users to open what seems to be a JPEG file. After the file minhasfotos.exe is opened, corrupting the computer, two additional files are created: winlogon_.jpg and wzip32.exe. As soon as the user clicks the "My Computer" icon on the desktop, an e-mail containing all the data extracted from the PC is sent to a remote server operated by the attacker.

"Sometimes there is a false sense of security and trust that an end user has in a 'gated' community such as Orkut. This is similar to what we see happening in instant messaging," said Chris Boyd, security research manager for FaceTime Security Labs and a globally recognized Internet security expert. "Consequently, the infection spreads like wildfire."

"We are aware of this issue and will have a temporary fix in place within the hour," a company representative said in an e-mailed statement. "We are working on a more permanent solution for users to guard against these malicious efforts."