Smokey's Security Weblog

veritas odium parit

Caution about Twitter pages referencing an Orkut photo album

Next case of social engineering on Twitter, reported by Christopher Boydon/FaceTime Security Labs Blogs:

Orkut users are being targeted via Twitter pages carrying infection links.

The pages linked try and get you to download an infection file straight away, or pretend you’re installing a Flash update.

Once the files are run on the end-users PC, a variety of malicious files will be installed and various types of data theft may be attempted. For example, one of the EXEs will pop open the Orkut website in what is obviously an attempt to get you to fill in your user details.

Particularly interesting is the use of Twitter to push these Orkut attacks, and also the fact that the attackers have seemingly created the majority of the profiles 17 followers – presumably to make the infection link carrying profile seem more legitimate and part of a small group or community of friends.

In some ways, then, this is a refinement of the attack noted by Kaspersky because they’re targeting a specific group of users instead of taking the “Come and get it, everybody” approach. Obviously, just because you don’t use Orkut doesn’t mean you’re safe from this – the URLs are entirely indescriminate with regards who clicks them and becomes infected, so if you see any profiles on Twitter that mention Orkut with hyperlinks that reference “Photo albums” or “galleries” (the oldest Orkut-targeted infection tactic in the book), steer well clear.

Source/full alert: FaceTime Security Labs Blogs


September 14, 2008 - Posted by | Advisories, Alerts, Downloads, Malware, Recommended External Security Related Links, Uncategorized, Vulnerabilities | , , , , , , ,

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: