All articles licensed under a Creative Commons License.

Friday, June 16, 2006

Orkut under siege from Malware barrage

....oh wow, what a kickass title. Anyway, the popular community website Orkut has been taking something of a Malware beating for the past month or so. Lots of nasty links have been filling up profile pages, and anyone foolish enough to become infected risks the wrath of the Online Money Stealing Gods. Of Doom.

For more information on this particular nasty, check out my analysis over at the Spywareguide Blog.

Brazil is in something of a state at the moment with regard to Spy/Malware. The banking keylogger problem is so bad that the banks themselves are having to resort to some pretty desperate measures to keep their customers' money safe. From a pal of mine, who does a lot to promote awareness of security issues in Brazil in general:

(A bank in Brazil) "...has also installed very intrusive protection software. You have to install it or the bank won't allow you to use its online interface. When I opened up task manager to see the amount of memory/CPU the software was using, its processes were nowhere to be found. Except, of course, in F-Secure BlackLight. It's not very nice you have to install a rootkit driver that hides its processes just so you can see how much money you have left in your account."

Ouch.

I personally have heard lots of people complain that this "security software" from Brazilian banks can sometimes do more harm than good - broken IE, messed up Windows Explorer, functions that stop - er - functioning...the list goes on and on.

The screenshot there shows a small extract from a typical Brazilian banking website. Can you say Fort Knox? There's barely anything else on the page besides security warnings and blank space. Though the nifty keyboard thing doesn't always help...

"Banks are now not using just typed passwords - you have to click. So the trojans incorporated a click logger that takes a screenshot to see where (the user) clicked. Then the banks made systems that blank out the characters as the user clicks. Others make the cursor go away from the buttons, so the click logger captures the mouse away from the button that was clicked. To combat this, the trojans are now recording movies of the user session so they can see where his mouse was when he clicked and when he did not."

Well, that's pretty messed up.

In fact, you can see just how messed up it is in the short movie I made for the Spywareguide blog entry. It's just under 3MB, bandwidth fans. And it shows exactly how the bad guys send home the stolen information. I guess the last thing someone would expect to see when clicking their "My Computer" icon is a webpage saying "Form sent!" but there you go. Click the image to enlarge and all that.

As for Orkut and other "gated" communities, I expect they'll have to contend with many more attacks like this in future. Myspace has had to come up with all new and inventive ways to stop nasty attacks - ban all emos and you're halfway there - but ever more devious attacks like the above will continue to make things difficult. It's somewhat akin to IM attacks - you don't need to gain someone's trust to run your file, because you're already inside the circle of trust. Like that De Niro guy in the Ben Stiller film.

What was my overall point? I've forgotten. But Meet the Parents rocks.

/ Update - We just updated the SPG blog because we have some late-breaking information on this story. And the information is? More proof that this thing spreads automatically. Bop on over there and check it out. And crazy mad props to Wayne for his late night / early morning antics on the other end of the Batphone.

All Content © Vitalsecurity.org 2006. The content of this site is entirely the opinion of Paperghost, and is in no way endorsed by FaceTime Communications. In other words - have a problem, come see me.