By Joris Evers
Staff Writer, CNET News.com
Published: June 16, 2006, 2:18 PM PDT
A new worm that attempts to steal online banking credentials is propagating on Google's social-networking Web site, a security company warned Friday.
The worm, dubbed MW.Orc, primarily targets Brazilian users of Google's Orkut Web site. It uses a message in Portuguese to entice users to click on a file that is disguised as a JPEG image, experts with FaceTime Security Labs said in a statement.
The initial file, called "minhasfotos.exe," creates two additional files on a user's system, "winlogon_.jpg" and "wzip32.exe," FaceTime said. When the user, after the initial compromise, clicks on the "My Computer" icon in Windows XP, an e-mail with their personal data is sent to the anonymous attacker, FaceTime said.
Additionally, the compromised computer may be added to a network of hijacked PCs in a botnet, FaceTime said. The pest also tries to propagate by placing a malicious link on the profiles of people in the Orkut user's network, FaceTime said.
Google confirmed the worm. "We are aware of this issue and will have a temporary fix in place within the hour," a company representative said in an e-mailed statement. "We are working on a more permanent solution for users to guard against these malicious efforts."
For their protection, Orkut users, just as users of all online services and applications, should always be careful when opening or clicking on anything suspicious, the Google representative said. Earlier this week, a worm hit Yahoo's popular online e-mail service.
Brazilian users make up about 70 percent of Orkut's entire user base, according to Google data. The Orkut worm targets Brazilian users and attempts to steal credentials for Brazilian banks.