W32.Scrapkut Orkut Worm spreading to millions of users

Friends, how many of you have fallen victim to a worm that looks like this in your scrapbook? Let me warn you: it's a deadly worm. Recently renamed W32.Scrapkut, it uses active code injection as a vehicle to propagate to the Orkut friends of its unfortunate victim.

Wondering how this happens? Here's the whole story:

> A malicious scrap is posted to the victim’s scrapbook, containing a link to what appears to be a YouTube video.
> When a victim clicks on the link, they are redirected to an external site which prompts them to download the file “flashx_player_9.8.0.exe”.
> When executed, flashx_player_9.8.0.exe retrieves the files windosremote.exe, logservicess.exe and win32chekupdate.exe from http://[REMOVED].ifastnet.com. These files download additional files that perform a variety of malicious actions, but logservicess.exe is the main executable for further propagation. Logservicess.exe first copies itself as maindwxp.exe to four different locations on the system to ensure it is executed on startup.
> Maindwxp.exe then checks in with the command and control server via a GET request with specific parameter values. Interestingly, the page returned simply contains the word “Rastreados” followed by a number. In Portuguese, “rastreados” means “crawled” - at last check the number was 13559.
> Maindwxp.exe then executes and begins checking for an active browser window, waiting for the victim to visit Orkut. Once the victim is in an authenticated Orkut session, maindwxp.exe injects JavaScript code into the active Orkut web session.
> This JavaScript code, which is actually based on a popular Greasemonkey script, is then executed within the context of the Orkut domain and the user’s authenticated session, resulting in the malicious scrapbook entry being sent to all the victim’s friends, and the cycle begins again.

This is how the worm spreads virally on Orkut. So how can you protect yourself from it? In the past I posted about "how to surf orkut without javascript", which helps prevent such viruses. And always remember not to use any JavaScript posted in your scraps, even by your trusted friends.
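
To check machines for the infection chain quoted above, this added example (not part of the original post or the quoted analysis) matches file-creation and HTTP-response events against the file names and the check-in response the write-up describes. The event schema, host names and directory paths are constructed for illustration.

```python
import re
from collections import defaultdict

# File names and the check-in response format come from the write-up quoted above.
DROPPER = "flashx_player_9.8.0.exe"
STAGE2 = {"windosremote.exe", "logservicess.exe", "win32chekupdate.exe"}
PERSIST = "maindwxp.exe"
CHECKIN = re.compile(r"\s*Rastreados\s+\d+\s*")  # whole body: the word plus a number

def basename(path):
    """Lower-cased file name from a Windows or POSIX style path."""
    return re.split(r"[\\/]", path)[-1].lower()

def triage(events):
    """Map each host to the infection-chain stages seen in its events."""
    stages, copies = defaultdict(set), defaultdict(set)
    for ev in events:
        host, kind, value = ev["host"], ev["kind"], ev["value"]
        if kind == "file_create":
            name = basename(value)
            if name == DROPPER:
                stages[host].add("1-fake-player-downloaded")
            elif name in STAGE2:
                stages[host].add("2-payloads-retrieved")
            elif name == PERSIST:
                stages[host].add("3-startup-copy")
                copies[host].add(value.lower())  # count distinct locations
        elif kind == "http_response" and CHECKIN.fullmatch(value):
            stages[host].add("4-c2-check-in")
    return {h: {"stages": sorted(s), "maindwxp_paths": len(copies[h])}
            for h, s in stages.items()}

# Constructed sample events (hypothetical schema; directories are placeholders).
SAMPLE = [
    {"host": "pc-01", "kind": "file_create", "value": r"C:\dl\flashx_player_9.8.0.exe"},
    {"host": "pc-01", "kind": "file_create", "value": r"C:\tmp\logservicess.exe"},
    {"host": "pc-01", "kind": "file_create", "value": r"C:\dir1\maindwxp.exe"},
    {"host": "pc-01", "kind": "file_create", "value": r"C:\dir2\MAINDWXP.EXE"},
    {"host": "pc-01", "kind": "http_response", "value": "Rastreados 13559"},
    # Benign look-alikes: a different installer name, a page that merely mentions the word.
    {"host": "pc-02", "kind": "file_create", "value": r"C:\dl\flash_player.exe"},
    {"host": "pc-02", "kind": "http_response", "value": "<p>Pedidos rastreados: 12</p>"},
]

if __name__ == "__main__":
    for host, result in triage(SAMPLE).items():
        print(host, result)
```

A host that shows several stages, or more than one distinct path for maindwxp.exe, is a stronger match than a single file-name hit.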

Edit: So here is a way to remove this virus, Click Here
