Thursday, July 13, 2006

Orkut Trojan Arrives!!

Guys, this is for real. I received the scrap mentioned below yesterday, i.e. 12th July 2006, but luckily I didn’t visit the link mentioned in it. It came from a very good friend of mine, who must have clicked on the link when he received the scrap, which triggered it off from his id to his friends list. So be careful.

Yes, I am talking about the Orkut worm. I personally saw it in action in my friend’s scrapbook and I thought I’d write about it. So here is the description of the trojan and the steps to disinfect your system in case you are affected.


Trojan Description

Never click on a link that looks unfamiliar to you, even if it comes from your closest friend.

Here is what the scrap looks like:
“Opa, tudo bom? Eu criei um vídeo com uma seleção de minhas fotos novas, clica aí pra ver - h t t p :// y e p . i t / ? i k s t t v - Estão bem legais!!!”

What should you do?
Simply delete the scrap! It's as simple as that.

How does it spread?

It spreads through infected contacts. An Orkut account gets infected once you click on the link. The Trojan then posts a message in the scrapbooks of all your friends on Orkut. The message text is chosen by the attacker and can be a random sentence written in Brazilian Portuguese, such as the following:

Message example 1:
Opa, tudo bom? Eu criei um video com uma selecao de minhas fotos novas, clica ai pra ver - [MALICIOUS_LINK] - Esta bem legais!!!

Message example 2:
Oi... tudo bom? Como o orkut limita a quantidade de fotos que podem ser publicadas na minha conta, eu criei um slide com algumas fotos minhas, pra ver e so clicar clicar no link!!! [MALICIOUS_LINK] - Sei que vai gostar

If users click on the link, a malicious file is downloaded, which is a copy of Infostealer.Orcu.

When Infostealer.Orcu is executed, it performs a series of actions and infects your system.
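As an added illustration (not part of the original post or Norton's write-up), the Python example below flags scraps that carry one of the two lure texts quoted above and lists the friends who sent them, since such a scrap arrives from an infected contact. The function names and the sample scraps are constructed for this example; because the attacker chooses the message text, matching these two phrases only catches the known variants.

```python
import re
import unicodedata

# Lure phrases from the two message examples above, stored lower-case and
# accent-free so one entry matches both the accented and unaccented scraps.
LURE_PHRASES = (
    "eu criei um video com uma selecao de minhas fotos novas",
    "eu criei um slide com algumas fotos minhas",
)

# A link slot: a real URL, the [MALICIOUS_LINK] placeholder used above, or a
# spaced-out "h t t p ://" as the link is written in this post.
LINK_RE = re.compile(r"h\s*t\s*t\s*p\s*s?\s*:\s*/\s*/|\[malicious_link\]")


def fold(text):
    """Lower-case, strip accents and collapse runs of whitespace."""
    decomposed = unicodedata.normalize("NFKD", text)
    plain = "".join(c for c in decomposed if not unicodedata.combining(c))
    return re.sub(r"\s+", " ", plain).strip().lower()


def classify_scrap(text):
    """'lure' = known phrase plus a link, 'lure-text' = phrase only, else 'clean'."""
    folded = fold(text)
    if not any(phrase in folded for phrase in LURE_PHRASES):
        return "clean"
    return "lure" if LINK_RE.search(folded) else "lure-text"


def infected_senders(scraps):
    """Return the senders (in first-seen order) of scraps classified as 'lure'."""
    seen = []
    for sender, text in scraps:
        if classify_scrap(text) == "lure" and sender not in seen:
            seen.append(sender)
    return seen


# Constructed sample scrapbook: (sender, text) pairs, not real data.
SAMPLE_SCRAPS = [
    ("friend_a", "Opa, tudo bom? Eu criei um vídeo com uma seleção de minhas "
                 "fotos novas, clica aí pra ver - [MALICIOUS_LINK] - Estão bem legais!!!"),
    ("friend_b", "Happy birthday! Photos from the party: http://example.invalid/album"),
    ("friend_c", "Oi... tudo bom? Eu  criei um slide com algumas fotos minhas, "
                 "pra ver e so clicar no link!!! http://example.invalid/x"),
]

if __name__ == "__main__":
    print(infected_senders(SAMPLE_SCRAPS))
```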

What does this scrap in Portuguese mean anyway? I tried using a translator and this is what I got…
Opa, all good one? I created a video with an election of my photos new, clica pra to see there - h t t p :// y e p . i t / ? i k s t t v - I am well legal!

Name of the Trojan: Infostealer.Orcu



Norton’s Description: Infostealer.Orcu is a Trojan horse that attempts to steal confidential information, such as bank and Paypal accounts. It may arrive as a message spammed across the Orkut network.



Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


Solution:

If you have not yet fixed it, here is a solution given by Norton AV.
The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.

1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Run a full system scan.
4. Delete any values added to the registry.
5. Restore the security settings in Internet Explorer modified by the threat.


Article links on Norton...

How to disable or enable Windows Me System Restore

How to turn off or turn on Windows XP System Restore

How to make a backup of the Windows registry.

1 comment:

Anonymous said...

excellent article. But I need more written