02 December 2006

Orkut - Speed and Reliability

The "Bad, bad server" screen, one of the commonly known sights on Orkut.

As of September 2006, Orkut is often unavailable, producing a "Bad, bad server. No donut for you." error message — behavior consistent with that of an underpowered server under heavy load. The outages tend to occur during daytime hours in the Americas, home of more than 75% of Orkut users.

The "orkut is under construction" screen.

Orkut sometimes displays an "under construction" screen while the server is under maintenance. These occurrences last from a few minutes to a few hours.

Security and safety

On June 19, 2006, FaceTime Security Labs' security researchers Christopher Boyd and Wayne Porter discovered a worm, dubbed MW.Orc.

The worm steals users' banking details, usernames and passwords by propagating through Orkut. The attack was triggered as users launched an executable file disguised as a JPEG file. The initial executable file that causes the infection installs two additional files on the user's computer. These files then e-mail banking details and passwords to the worm's anonymous creator when infected users click on the "My Computer" icon.

The infection spreads automatically by posting a URL in another user's Orkut Scrapbook, a guestbook where visitors can leave comments visible on the user's page. This link lures visitors with a message in Portuguese, falsely claiming to offer additional photos. The message text that carries an infection link can vary from case to case.

In addition to stealing personal information, the malware can also enable a remote user to control the PC and make it part of a botnet, a network of infected PCs controlled by a hacker. The botnet in this case uses an infected PC's bandwidth to distribute large, pirated movie files, potentially slowing down an end-user's connection speed.

The initial executable file (Minhasfotos.exe) creates two additional files when activated, winlogon_.jpg and wzip32.exe (located in the System32 folder). When the user clicks the "My Computer" icon, an e-mail is sent containing their personal data. In addition, they may be added to an XDCC botnet (used for file sharing), and the infection link may be sent to other users that they know in the Orkut network. The infection can be spread manually, but also has the ability to send "back dated" infection links to people in the "friends list" of the infected user.
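A defender's check for the artifacts described above, as an added example that is not part of the original post: it flags the three file names given on this page and files whose extension and leading bytes disagree. The page does not say how the JPEG disguise worked, so the header comparison and the double-extension rule are assumptions, and the sample entries are constructed.

```python
import os

# File names the page attributes to MW.Orc (compared case-insensitively).
PAGE_NAMES = {"minhasfotos.exe", "winlogon_.jpg", "wzip32.exe"}
IMAGE_EXTS = {".jpg", ".jpeg"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}

def classify(name, head):
    """Return reasons a file looks suspicious, from its name and first bytes."""
    reasons = []
    stem, ext = os.path.splitext(name.lower())
    if stem + ext in PAGE_NAMES:
        reasons.append("name listed on the page")
    # A JPEG starts with FF D8 FF; a Windows executable starts with "MZ".
    if ext in IMAGE_EXTS and head[:2] == b"MZ":
        reasons.append("executable header behind image extension")
    elif ext in IMAGE_EXTS and head[:3] != b"\xff\xd8\xff":
        reasons.append("image extension without JPEG signature")
    # Assumed disguise (not stated on the page): a name like photo.jpg.exe.
    if ext in EXEC_EXTS and os.path.splitext(stem)[1] in IMAGE_EXTS:
        reasons.append("image name with executable extension")
    return reasons

def scan(root):
    """Walk root and return {relative_path: reasons} for flagged files."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(4)
            except OSError:
                continue  # unreadable or locked file: skip it
            reasons = classify(fname, head)
            if reasons:
                hits[os.path.relpath(path, root)] = reasons
    return hits

# Constructed samples (name, first bytes); not taken from a real infection.
SAMPLES = [
    ("holiday.jpg", b"\xff\xd8\xff\xe0"),
    ("winlogon_.jpg", b"MZ\x90\x00"),
    ("fotos.jpg.exe", b"MZ\x90\x00"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(name, classify(name, head))
```

A name match alone is weak evidence; a header mismatch on the same file is what makes a hit worth investigating.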

According to statements made by Google, as noted in FaceTime's Greynets Blog, the company had implemented a temporary fix for the dangerous worm.
