W32.Scrapkut Orkut Worm spreading to millions of users

Friends, how many of you have fallen victim to a worm that looks like this in your scrapbook? Let me warn you, it's a deadly worm. Recently renamed W32.Scrapkut, it uses active code injection as a vehicle to propagate to the Orkut friends of its unfortunate victim.

Wondering how this happens? Here's the whole story:

> A malicious scrap is posted to the victim’s scrapbook, containing a link to what appears to be a YouTube video.
> When a victim clicks on the link, they are redirected to an external site which prompts them to download the file “flashx_player_9.8.0.exe”.
> When executed, flashx_player_9.8.0.exe retrieves the files windosremote.exe, logservicess.exe and win32chekupdate.exe from http://[REMOVED].ifastnet.com. These files download additional files that perform a variety of malicious actions, but logservicess.exe is the main executable for further propagation. Logservicess.exe first copies itself as maindwxp.exe to four different locations on the system to ensure it is executed on startup.
> Maindwxp.exe then checks in with the command and control server via a GET request with specific parameter values. Interestingly, the page returned simply contains the word “Rastreados” followed by a number. In Portuguese, “rastreados” means “crawled” - at last check the number was 13559.
> Maindwxp.exe then executes and begins checking for an active browser window, waiting for the victim to visit Orkut. Once the victim is in an authenticated Orkut session, maindwxp.exe injects Javascript code into the active Orkut web session.
> This Javascript code, which is actually based on a popular Greasemonkey script, is then executed within the context of the Orkut domain and the user’s authenticated session, resulting in the malicious scrapbook entry being sent to all the victims’ friends, and the cycle begins again.

This is how the malicious worm is spreading virally on Orkut. So how can you protect yourself from it? In the past I posted about "how to surf orkut without javascript", which would help prevent such viruses. And always remember not to use any JavaScript that is posted in your scrap, even by your trusted friends.
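
The file names and the check-in response in the quoted description can be turned into a simple triage check. The following is an added example, not code from the original post or the quoted write-up: it maps file-creation and HTTP-response events to the stages of the chain described above. The event tuple format, host names and sample paths are constructed for illustration, and the separator allowed between "Rastreados" and the number is an assumption.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname  # parses Windows paths on any OS

# File names as given in the quoted description.
DROPPER = "flashx_player_9.8.0.exe"
PAYLOADS = {"windosremote.exe", "logservicess.exe", "win32chekupdate.exe"}
PERSIST = "maindwxp.exe"
# Check-in page: the word "Rastreados" followed by a number. The separator
# is not given on the page; up to three non-digit characters is an assumption.
CHECKIN = re.compile(r"^\s*Rastreados\D{0,3}(\d+)\s*$")

def triage(events):
    """events: (host, kind, value) tuples, kind is 'file' or 'http_body'.
    Returns {host: sorted list of infection-chain stages observed}."""
    stages, copies = defaultdict(set), defaultdict(set)
    for host, kind, value in events:
        if kind == "file":
            name = basename(value).lower()
            if name == DROPPER:
                stages[host].add("fake-player-download")
            elif name in PAYLOADS:
                stages[host].add("second-stage-drop")
            elif name == PERSIST:
                copies[host].add(dirname(value).lower())
        elif kind == "http_body" and CHECKIN.match(value):
            stages[host].add("c2-checkin")
    for host, dirs in copies.items():
        # The description mentions four copies; the same name in more than
        # one directory is already enough to flag the persistence step.
        stages[host].add("persistence-copies" if len(dirs) > 1 else "persist-file-seen")
    return {host: sorted(found) for host, found in stages.items()}

# Constructed sample telemetry: hosts, paths and log shape are made up.
SAMPLE = [
    ("pc-01", "file", r"C:\Users\a\Downloads\flashx_player_9.8.0.exe"),
    ("pc-01", "file", r"C:\Temp\logservicess.exe"),
    ("pc-01", "file", r"C:\DirA\maindwxp.exe"),
    ("pc-01", "file", r"C:\DirB\MAINDWXP.EXE"),
    ("pc-01", "http_body", "Rastreados 13559"),
    ("pc-02", "file", r"C:\Program Files\Player\flash_player.exe"),
    ("pc-02", "http_body", "<html>Rastreados pela equipe</html>"),
]

if __name__ == "__main__":
    for host, found in triage(SAMPLE).items():
        print(host, found)
```

A host that shows several stages together, as pc-01 does in the sample, is a much stronger signal than any single file-name hit.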

Edit: So here is a way to remove this virus, Click Here


Scraps For Orkut said...

Nice work sir