Saturday, June 17, 2006

Hackers Target Orkut Users to Steal Bank Information

Via SC Mag UK -

According to one security researcher, hackers are planting a password stealer with a message in Portuguese – 70 percent of users on the website are Portuguese-speaking Brazilians. Dubbed Orc.Malware by instant mesaging (IM)security company Facetime Security Labs, the malware tells users that their data has been emailed to the hacker.

It also leaves a message in the user's online guestbook:

“Oi... tudo bom? Como o orkut limita a quantidade de fotos que podem ser publicadas na minha conta, eu criei um slide com algumas fotos minhas, pra ver e so clicar clicar no link!!! [link removed] - Sei que vai gostar"

This roughly translates to: "As Orkut limits the amount of photos that can be published in my account, I created a slideshow with some photos of mine, please click to see!"
Anyone clicking on the link provided executes a file which then looks for bank account details on the user's PC.

Chris Boyd, security research manager at Facetime, said he expected Orkut and other "gated" communities will have to contend with many more attacks like this in future.

“Myspace has had to come up with all new and inventive ways to stop nasty attacks, said Boyd. “But ever more devious attacks like the above will continue to make things difficult. It's somewhat akin to IM attacks - you don't need to gain someone's trust to run your file, because you're already inside the circle of trust. Like that De Niro guy in the Ben Stiller film”






Recently I blogged about the shady ad tricks being played on Myspace. I am sure that Myspace constantly works to stop such attacker, however it isn't perfect. Anyone that has worked in the security field before knows how this game works....the protectors must be right 100% of the time....and the attackers only need to be right once.

Will this type of thing happen on Myspace? It isn't a question of "if"...in my mind; it is a question of "when".

1 comment:

  1. Sorry SmartArse, I do not have the link....it was removed by the initial reporter...

    ReplyDelete