A security firm has recently warned about a new type of computer worm capable of stealing online banking account information that is spreading rapidly through Google’s social networking site.
The MW.Orc worm primarily targets users of Google’s Orkut site in Brazil. Using a message in Portuguese, the MW.Orc worm tricks victims into clicking on a fake file disguised as a JPEG image, FaceTime Security Labs noted in a statement last weekend.
This initial file, named “minhasfotos.exe“, will create two new files, “winlogon_.jpg” and “wzip32.exe“, as soon as the MW.Orc worm successfully infects the user’s system. At that point, if the user clicks on the My Computer icon, an email containing their personal information will be sent back to the malicious attacker.
Additionally, infected computers by the MW.Orc worm are “seized” to join a network of hijacked PCs, also known as a botnet.
The MW.Orc worm also spreads itself by placing a dangerous link on the user’s profile on Orkut.
Google has officially confirmed the existence of this computer worm. “We are aware of the MW.Orc worm and will address this issue as soon as possible,” a Google representative stated. “We are working to provide long-term solutions to protect users against these dangerous threats“.
For users, to protect themselves, online service and application users should be cautious when clicking on links or anything suspicious on the web, Google advises.
Users in Brazil account for up to 70% of Google’s Orkut network. This may explain the emergence of the MW.Orc worm.
Hoàng Dũng
