FOSTER CITY, CALIF - June 19, 2006 - Today, FaceTime Security Labs announced the discovery of a worm that steals users' banking details, usernames and passwords. The worm, known as MW.Orc, is propagating through Orkut, Google's social networking site, as users launch an executable file disguised as a JPEG. Google has a temporary fix in place and encourages Orkut users not to open suspicious files.

"Sometimes there is a false sense of security and trust that an end user has in a 'gated' community such as Orkut. This is similar to what we see happening in instant messaging," said Chris Boyd, security research manager for FaceTime Security Labs, and globally-recognized Internet security expert.

The initial executable file that causes the infection installs two additional files on the user's computer. These then e-mail banking details and passwords to the worm's anonymous creator when infected users click on the "My Computer" icon.

The infection spreads automatically by posting a URL in another user's Orkut Scrapbook, a guestbook where visitors can leave comments visible on the user's page. This link lures visitors with a message in Portuguese, falsely claiming to offer additional photos. The message text that carries an infection link can vary from case to case. Orkut is popular among Brazilian Internet users.

In addition to stealing personal information, the malware can also enable a remote user to control the PC and make it part of a botnet, a network of infected PCs controlled by a hacker. The botnet in this case uses an infected PC's bandwidth to distribute large, pirated movie files, potentially slowing down an end-user's connection speed.

FaceTime Security Labs researchers have posted commentary and recommendations concerning MW.Orc at blog.spywareguide.com/2006/06/datatheft_malware_targets_goog_1.html, including a video that shows how the malware sends personal data back to the attacker.

FaceTime Security Labs is the threat research division of IM and Greynet security leader FaceTime Communications.

Threat name: MW.Orc
Threat type: Malware
Risk: Medium
Who is affected: Orkut members and visitors using Windows XP
Additional information: The initial executable file (Minhasfotos.exe) creates two additional files when activated, winlogon_.jpg and wzip32.exe (located in the System32 folder). When the user clicks the "My Computer" icon, an e-mail is sent containing their personal data. In addition, they may be added to an XDCC botnet (used for file sharing), and the infection link may be sent to other users that they know in the Orkut network. The infection can be spread manually, but also has the ability to send "back dated" infection links to people in the "friends list" of the infected user.

FaceTime Customers Are Protected Against This Threat

FaceTime's RTGuardian and GEM customers are protected from this
exploit if they have auto-update features enabled. FaceTime's
X-Cleaner customers should download the latest update and scan
their PC. FaceTime Enterprise Edition and IMAuditor customers can
proactively block these malicious threats and prevent infections
before they happen by utilizing the auto-update features to block
downloads of the specific file types associated with the
threats.
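
For hosts without those products, a triage sketch for the two traits the advisory gives: the file names listed under "Additional information" and an executable presented as a JPEG. This is an added example, not FaceTime's detection logic. The page does not say how the disguise is achieved or what winlogon_.jpg contains, so the header comparison is an assumed general check, and fotos.jpg and holiday.jpg are hypothetical sample names with constructed contents.

```python
import os
import tempfile

# File names from the advisory's "Additional information" field (lower-cased).
ADVISORY_NAMES = {"minhasfotos.exe", "winlogon_.jpg", "wzip32.exe"}
IMAGE_EXTS = {".jpg", ".jpeg"}
JPEG_MAGIC = b"\xff\xd8\xff"   # JPEG start-of-image marker
PE_MAGIC = b"MZ"               # DOS/PE executable header

def classify(path):
    """Return a list of findings for one file; an empty list means nothing to report."""
    name = os.path.basename(path).lower()
    ext = os.path.splitext(name)[1]
    with open(path, "rb") as fh:
        head = fh.read(3)
    findings = []
    if name in ADVISORY_NAMES:
        findings.append("name-listed-in-advisory")
    if ext in IMAGE_EXTS and not head.startswith(JPEG_MAGIC):
        findings.append("jpeg-extension-without-jpeg-header")
        if head.startswith(PE_MAGIC):
            findings.append("executable-header-under-image-extension")
    return findings

def scan(root):
    flagged = {}   # maps each flagged path to its list of findings
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            full = os.path.join(dirpath, fn)
            try:
                findings = classify(full)
            except OSError:      # unreadable or locked file: skip it
                continue
            if findings:
                flagged[full] = findings
    return flagged

def demo():
    """Scan a temporary directory of constructed sample files."""
    samples = {   # constructed contents, not real malware or real captures
        "holiday.jpg": JPEG_MAGIC + b"\xe0" + b"\x00" * 16,
        "fotos.jpg": PE_MAGIC + b"\x90\x00" + b"\x00" * 16,
        "wzip32.exe": PE_MAGIC + b"\x00" * 16,
    }
    with tempfile.TemporaryDirectory() as d:
        for fn, data in samples.items():
            with open(os.path.join(d, fn), "wb") as fh:
                fh.write(data)
        return {os.path.relpath(p, d): f for p, f in scan(d).items()}
```

A name match alone is only a lead to investigate, since the listed names can also belong to unrelated files; `scan()` takes any directory root, and `demo()` shows the output on the constructed samples.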
About Actiance, Inc. (Formerly FaceTime Communications, Inc.)
FaceTime Communications became Actiance, Inc. on January 11, 2011 following an agreement to
transfer the FaceTime trademark to Apple.
FaceTime Communications enables the safe and productive use of Unified Communications and Web 2.0,
including instant messaging, blogs and social networking. Ranked number one by IDC for five consecutive
years, FaceTime's award-winning solutions are used by more than 1,500 customers for the security,
management and compliance of real-time communications. FaceTime supports or has strategic partnerships
with all leading IM, unified communications providers and social networks including AOL, Google, Yahoo!,
Skype, Microsoft, IBM, Cisco, Facebook, LinkedIn and Twitter.
FaceTime is headquartered in Belmont, California. For more information visit
http://www.facetime.com or call 888-349-3223.