An automated information theft worm has been discovered spreading through Google’s social networking website, Orkut.
Using a URL as the lure, MW.Orc installs itself in an Orkut scrapbook, a public guestbook where visitors can leave comments or links. Infection follows for anyone clicking on this, after which it attempts to steal banking user names and passwords in trusted phishing style, should such services be accessed.
The worm also gives criminals the potential to use the infected PC as a bot for the distribution of pirated movie files.
Written in Portuguese, the link is believed to be designed to hook Brazilians, the main users of the system. Google is said to have come up with a temporary patch to stop its activities, although a posting by FaceTime Security Labs’ researchers on blog.spywareguide states that the worm has been causing problems for some time.
“The idea of problems behind "gated" communities is a pretty interesting one, even more so when the idea regularly rolls around that segregating various parts of the Internet to "keep the bad guys out" would be a great idea. But what happens when those bad-guys are already inside the gates?,” the blog entry continues.
“Sometimes there is a false sense of security and trust that an end user has in a ‘gated’ community such as Orkut. This is similar to what we see happening in instant messaging,” was the official comment from FaceTime’s Chris Boyd.
A relatively obscure part of the Google empire, the invitation-only Orkut is said to have been named after its creator, Google employee Orkut Buyukkokten.