Security experts at MicroWorld Technologies report that members of Orkut, the online community service powered by Google, may receive a message from their contacts urging them to click on a link. Once the link is clicked, a Trojan downloader named “Win32.Banload.aoo” finds its way onto the user’s computer.
In an attack very similar in nature to last month’s password-stealing Trojan on Orkut, this one too comes from infected contacts, thereby evoking no suspicion in the recipient’s mind. The message, written in Brazilian Portuguese, asks users to download a file named “fotovideo.exe”; it is important to note that 67% of Orkut users are Brazilians.
After getting into the victim’s computer, “Win32.Banload.aoo” logs on to malicious websites to download dangerous password-stealing Trojans and keyloggers without the knowledge or consent of the user.
In the first stage of its infection routine, Banload.aoo installs itself in the system registry, lowers the security levels of the computer and tries to turn off antivirus software installed on the PC. It then downloads members of the Trojan-PSW family, which capture usernames, passwords and other confidential data while the victim logs on to the websites of leading banks and credit card companies. This information is sent to the remote attacker, who uses it for multiple online financial crimes.
Last month, a password-stealing Trojan named “Infostealer.Orcu” was spread directly via Orkut as an “exe” posting, without the help of any conduit like Banload.aoo. Reacting to that attack, Google then cautioned users, saying, “Orkut.com users and users of all online services and applications should always be careful when opening or clicking on anything suspicious.”