Saturday, March 1, 2008

The Scrapkut Worm Running Loose on Orkut

I'm sure a lot of Orkut users have seen the image shown below in their scrapbooks or their friends' scrapbooks. If you have seen it, resist the temptation and do not click on it: although it may look like a YouTube video, it's actually a link that downloads a worm. The worm, which Symantec calls W32.Scrapkut, created that scrap and wants to spread itself through your friendly Orkut network.

Scrapkut

Symantec's website digs deeper into the worm and explains how it intends to spread itself.

When a victim clicks on the link, they are redirected to an external site which prompts them to download the file “flashx_player_9.8.0.exe”. When executed, flashx_player_9.8.0.exe retrieves the files windosremote.exe, logservicess.exe and win32chekupdate.exe from http://[REMOVED].ifastnet.com. These files download additional files that perform a variety of malicious actions, but logservicess.exe is the main executable for further propagation. Logservicess.exe first copies itself as maindwxp.exe to four different locations on the system to ensure it is executed on startup.... [read more]

Hopefully you have not yet succumbed to the temptation and clicked the image. The problem is not just for you, but for all your friends on the Orkut network. And if you have already experienced the worm, pass on the info to your friends so that they don't get infected. Social networks are going to be the next big target for hackers and worm writers. Treading with caution is the best advice at the moment!
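For anyone checking a machine after a click, here is a small triage script built on the file names in the Symantec description quoted above. It is an added example, not code from Symantec or from this blog; the function names and the demo directory tree are constructed for illustration, and the folders to scan are up to you because the quote does not list the four locations.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# File names taken from the Symantec description quoted in the post.
SCRAPKUT_NAMES = {
    "flashx_player_9.8.0.exe", "windosremote.exe", "logservicess.exe",
    "win32chekupdate.exe", "maindwxp.exe",
}

def sha256_of(path):
    """Hash a file in chunks so large binaries are not read in one go."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def find_scrapkut_files(root):
    """Return {sha256: [paths]} for files under root whose name is on the list.
    Matching is case-insensitive because Windows file names are."""
    hits = defaultdict(list)
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() in SCRAPKUT_NAMES:
                path = os.path.join(folder, name)
                try:
                    hits[sha256_of(path)].append(path)
                except OSError:  # locked file or permission denied
                    hits["unreadable"].append(path)
    return dict(hits)

def replicated_copies(hits):
    """Keep identical binaries found in more than one folder (self-copying)."""
    return {digest: sorted(paths) for digest, paths in hits.items()
            if digest != "unreadable"
            and len({os.path.dirname(p) for p in paths}) > 1}

def demo():
    """Scan a constructed tree of harmless stand-in files; returns (hits, replicated)."""
    sample = [("a", "maindwxp.exe", b"x"), ("b", "MAINDWXP.EXE", b"x"),
              ("c", "logservicess.exe", b"y"), ("c", "notes.txt", b"x")]
    with tempfile.TemporaryDirectory() as root:
        for sub, name, body in sample:
            os.makedirs(os.path.join(root, sub), exist_ok=True)
            with open(os.path.join(root, sub, name), "wb") as handle:
                handle.write(body)
        hits = find_scrapkut_files(root)
        return sum(len(p) for p in hits.values()), len(replicated_copies(hits))
```

A name match is only a lead, since a legitimate file can share a name and a renamed copy will be missed; confirm any hit with an up-to-date antivirus scan.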

2 comments:

Anonymous said...

I am a regular reader of your blog and I found this post very informative. I'm an Orkut user and after I read your blog I came across the malicious post you mentioned... I also passed the message to a few other friends.

Keep up the good work

Anonymous said...

I too have come across the mail and after digging deeper into it I had warned all my friends about this. But you're warning all your readers. So keep up the good job.