Another Fake Twitter Profile Spreads Malware That Harvests Orkut Credentials

September 9th, 2008

Another Fake Twitter Profile Spreads Malware That Harvests Orkut Credentials

According to Chris Boyd, director of malware research at IM security firm Facetime, miscreants are using a fake Twitter profile in a bid to spread malware that harvests login credentials for Orkut. Updates to the fake Twitter profile are supposedly being followed by 17 punters, but they’re all fake.

The profile is designed to trick would-be marks into viewing a photo album on Orkut, which supposedly requires a Flash update to view. This bogus Flash update is contaminated by malware, specifically the OrkutTron Trojan.

OrkutTron performs a variety of malicious actions including an attempt to snaffle login credentials for Orkut, the Google-run social networking site that’s particularly big in Brazil. Fitting in with this theme, the fake Twitter profile is written in Portuguese.

Attacks targeting Orkut are relatively commonplace, but as Boyd notes, the use of Twitter represents an innovation in such hacking attacks.

Share this item with others:

More on CyberInsecure:

Bogus Twitter Profiles Are Being Used To Spread Malware

Google To Open Suspect Orkut Albums To Brazil Police

Spam From 750 Compromised Twitter Accounts Invited Users To Visit Porn Website

Fox News Twitter Account Hijacked, Reports Obama’s Assassination

Twitter Worm Outbreak Over Easter, XSS Flaw Remains Unfixed

Posted in Malware, Scams, Targeted Attacks, Trojans & Worms |

Print This Post

This entry was posted on Tuesday, September 9th, 2008 at 12:06 pm and is filed under Malware, Scams, Targeted Attacks, Trojans & Worms. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.