WARNING: Orkut ID Hacked and Testimonial written in some language...!!

Status
Not open for further replies.

Kiran.dks
Today I received an email notification that my friend "Raj" had written a testimonial for me. I logged in to Orkut and found something bizarre: a testimonial from my friend in some language, and a link. I found it strange. My friend Raj revealed that he never wrote a testimonial for me!! He is astonished, and so am I!

The testimonial leads to a website. I clicked on the link. Instead of opening a page, it downloaded an exe file of 145 KB. I downloaded it and scanned it for spyware. I found nothing. But I am not sure about running the exe.

The whole point in posting this thread is to spread awareness.

Below is a snapshot of the testimonial I received. It says it is from Raj (my friend). He never sent it!

*i142.photobucket.com/albums/r116/kiran_rkk/Miscellaneous/1.jpg
 
Kiran.dks (OP)
Ok guys... I did some R&D on the language used. It turned out to be Portuguese!!

Here is the translation (machine-translated, so it reads awkwardly):

Its presence is a gift for the world.
You are unico(a) and alone you have an equal person.
Its life you can be what to want that is.
Alive the days, only one of each time.
Counts to its blessings (bênçãos), its problems.
You will not surpass them, you happen what to happen.
Inside of you she has many answers.
Understands, you have courage, either strong.
You do not impose limits exactly itself...
Many of your dreams are for being carried through.
And this image below complements everything what you mean:
h**p://urlcut.com/img12
Happinesses 1000!

What the heck is this??? Bloody hacker.
 

phreak0ut
Guys, I downloaded the malware and submitted the file to virustotal.com, which scans a file with various antivirus engines. Here is the report I got by mail:

Complete scanning result of "x.exe", processed in VirusTotal at 03/25/2007 13:41:39 (CET).

[ file data ]
* name: x.exe
* size: 147622
* md5: 3442355b265a863016eeb69e88de7de2
* sha1: d4f1e73f4cbded11701d3bcc92f5feef0506a746

[ scan result ]
AhnLab-V3 2007.3.24.1/20070324 found nothing
AntiVir 7.3.1.44/20070325 found [TR/Delphi.Downloader.Gen]
Authentium 4.93.8/20070324 found [Possibly a new variant of W32/new-malware!Maximus]
Avast 4.7.936.0/20070323 found nothing
AVG 7.5.0.447/20070324 found nothing
BitDefender 7.2/20070325 found [Trojan.Downloader.Banload.AOO]
CAT-QuickHeal 9.00/20070323 found [(Suspicious) - DNAScan]
ClamAV devel-20070312/20070325 found nothing
DrWeb 4.33/20070325 found nothing
eSafe 7.0.14.0/20070322 found [Win32.Polipos.sus]
eTrust-Vet 30.6.3506/20070323 found nothing
Ewido 4.0/20070324 found nothing
F-Prot 4.3.1.45/20070323 found [W32/new-malware!Maximus]
F-Secure 6.70.13030.0/20070324 found [Trojan-Downloader.Win32.Banload.aoo]
FileAdvisor 1/20070325 found nothing
Fortinet 2.85.0.0/20070325 found [suspicious]
Ikarus T3.1.1.3/20070325 found [Backdoor.Win32.Hupigon.BV]
Kaspersky 4.0.2.24/20070325 found [Trojan-Downloader.Win32.Banload.aoo]
McAfee 4991/20070323 found [New Malware.u]
Microsoft 1.2306/20070325 found nothing
NOD32v2 2143/20070325 found [a variant of Win32/TrojanDownloader.Banload.AOO]
Norman 5.80.02/20070323 found nothing
Panda 9.0.0.4/20070324 found nothing
Prevx1 V2/20070325 found nothing
Sophos 4.15.0/20070323 found [Mal/Packer]
Sunbelt 2.2.907.0/20070324 found [VIPRE.Suspicious]
Symantec 10/20070325 found [Infostealer.Banpaes]
TheHacker 6.1.6.080/20070323 found nothing
UNA 1.83/20070316 found nothing
VBA32 3.11.2/20070324 found [suspected of Downloader.Banload.15 (paranoid heuristics)]
VirusBuster 4.3.7:9/20070325 found [Packed/NSPack]
Webwasher-Gateway 6.0.1/20070325 found [Trojan.Delphi.Downloader.Gen]

[ notes ]
packers: NSPACK
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

So, be careful of this malware, and start deleting such testimonials/messages etc.
 
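The report above gives two things a reader can act on without ever running the file: the MD5/SHA-1 of the sample, and the note that it is packed with NSPack. The script below is an added example (not from the thread or from VirusTotal) of offline triage for a file that a link like this one hands you: it hashes the file and compares against the digests published above, checks whether the bytes are really a Windows PE image regardless of what the link or filename claimed, flags double extensions of the kind a later post in this thread mentions (pic.jpg.exe), and reads the PE section table so that a packer can be spotted by its section names. The packer section-name heuristic (".nsp0/.nsp1/.nsp2" for NSPack, "UPX0/UPX1" for UPX) is an assumption of this example, not something the report states, and the minimal PE built at the bottom is constructed for the demo.

```python
# Added example: offline triage of a file downloaded from a suspicious link.
# Not part of the original thread. The packer section-name table is an
# assumption (a heuristic), and build_sample_pe() constructs a fake PE
# header purely to exercise the parser; do not treat it as the real sample.
import hashlib
import struct
from pathlib import PurePosixPath

# Digests printed in the VirusTotal report for x.exe posted in this thread.
KNOWN_BAD = {
    "md5": {"3442355b265a863016eeb69e88de7de2"},
    "sha1": {"d4f1e73f4cbded11701d3bcc92f5feef0506a746"},
}

EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".txt", ".doc", ".pdf"}

# Assumption: section names commonly left behind by these packers.
PACKER_SECTIONS = {".nsp0": "NSPack", ".nsp1": "NSPack", ".nsp2": "NSPack",
                   "UPX0": "UPX", "UPX1": "UPX"}


def file_hashes(data: bytes) -> dict:
    """MD5 and SHA-1 hex digests, the two values the report lists."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest()}


def has_double_extension(filename: str) -> bool:
    """True for names like pic.jpg.exe: a decoy extension in front of an executable one."""
    suffixes = [s.lower() for s in PurePosixPath(filename).suffixes]
    return (len(suffixes) >= 2
            and suffixes[-1] in EXECUTABLE_EXTS
            and suffixes[-2] in DECOY_EXTS)


def pe_header_offset(data: bytes):
    """Offset of the 'PE\\0\\0' signature, or None if the bytes are not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # DOS header -> PE header
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    return e_lfanew


def pe_section_names(data: bytes) -> list:
    """Section names from the PE section table, or [] if not a PE file."""
    pe = pe_header_offset(data)
    if pe is None:
        return []
    # COFF header follows the 4-byte signature: NumberOfSections at +6,
    # SizeOfOptionalHeader at +20; the section table follows the optional header.
    (num_sections,) = struct.unpack_from("<H", data, pe + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe + 20)
    table = pe + 24 + opt_size
    names = []
    for i in range(num_sections):
        raw = data[table + 40 * i: table + 40 * i + 8]  # 40-byte entries, 8-byte name
        if len(raw) < 8:
            break  # truncated section table
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def triage(data: bytes, filename: str, known_bad: dict = KNOWN_BAD) -> dict:
    """Collect indicators; 'verdict' is 'known_bad', 'suspicious' or 'no_match'."""
    digests = file_hashes(data)
    sections = pe_section_names(data)
    packers = sorted({PACKER_SECTIONS[s] for s in sections if s in PACKER_SECTIONS})
    result = {
        **digests,
        "is_pe": pe_header_offset(data) is not None,
        "double_extension": has_double_extension(filename),
        "sections": sections,
        "packers": packers,
        "known_bad": (digests["md5"] in known_bad["md5"]
                      or digests["sha1"] in known_bad["sha1"]),
    }
    if result["known_bad"]:
        result["verdict"] = "known_bad"
    elif result["is_pe"] and (result["double_extension"] or packers):
        result["verdict"] = "suspicious"
    else:
        result["verdict"] = "no_match"
    return result


def build_sample_pe(section_names) -> bytes:
    """Constructed minimal PE32 image (headers only) used to exercise the parser."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 224  # size of a PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    optional = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    table = b"".join(n.encode("ascii").ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + optional + table


if __name__ == "__main__":
    sample = build_sample_pe([".nsp0", ".nsp1", ".nsp2"])  # constructed, not the real x.exe
    print(triage(sample, "pic.jpg.exe"))
```

Run it against a real download with `triage(open(path, "rb").read(), os.path.basename(path))`. A hash match is the only hard verdict; a packer hit or a double extension is a reason to keep the file quarantined and submit it for scanning, not proof of malice, since legitimate software is packed too.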

Cool G5
I also got a testimonial from my friend in some unknown language. It was similar to the one posted above. He is also sure that he did not send it.
 

Pathik
All this has been happening for a long time... did none of you know this?... Just ignore/delete such messages/testimonials/scraps...
 
Kiran.dks (OP)
I have received many such scraps. But this is the first time it came as a testimonial using my friend's ID. Many others might come across this in future. Please see that you don't click on such links.

Thanks to phreak0ut for posting the report here. I too sent it to VirusTotal earlier this evening. Still waiting for the report.

This does throw some light on the capabilities of antivirus products.....
Avast! and AVG found nothing... now that's strange considering the popularity of these two antivirus products.
AntiVir, the less popular one, detected it.
 

Harvik780
Yes, thanks for the update. I have been using Avast for quite a while, but this has made me think again about searching for better protection.
 

neilsequeira
You idiot, lol, that's a porn bot which wants to kill you. Yeah, I mean it, it's a porn bot which is an infiltration by design. Got it? Or am I too technical :D. It's a virus or a trojan written by some idiot (custom made).

**** the intelligent me downloaded this shidd from some Orkut friend who was given a testimonial by some fake Orkut ID :( One PC in RWW is infected by a virus because of me and they don't know. The virus was some file like pic.jpg.exe :D
 
Kiran.dks (OP)
neilsequeira said:
You idiot, lol, that's a porn bot which wants to kill you. Yeah, I mean it, it's a porn bot which is an infiltration by design. Got it? Or am I too technical :D. It's a virus or a trojan written by some idiot (custom made).

**** the intelligent me downloaded this shidd from some Orkut friend who was given a testimonial by some fake Orkut ID :( One PC in RWW is infected by a virus because of me and they don't know. The virus was some file like pic.jpg.exe :D

Do you have any kind of forum ethics? I have seen you always barking and messing up here. Your acts against some of our reputed members have been very rude and senseless. Learn some ethics, and then enter the technical forum.
 

phreak0ut
@Kiran - Thanks a lot for the translation. I posted the report in such excitement that I overlooked whatever was posted before. Thanks for letting us all know. Dunno what these guys get by sending such malware. Well, I'm safe on Linux :D
 
neilsequeira said:
You idiot, lol, that's a porn bot which wants to kill you. Yeah, I mean it, it's a porn bot which is an infiltration by design. Got it? Or am I too technical :D. It's a virus or a trojan written by some idiot (custom made).

**** the intelligent me downloaded this shidd from some Orkut friend who was given a testimonial by some fake Orkut ID :( One PC in RWW is infected by a virus because of me and they don't know. The virus was some file like pic.jpg.exe :D

Is this guy trying to act smart? Dude, get a life. This is not Yahoo chat where you can use chat lingo. Whatever you want to say, write it in human-readable form :D:D:D, if you can write simple English at all... and don't think you are the ultimate geek ever born on Earth :p:p:p
 
Kiran.dks (OP)
BTW, here are the details of the trojan.
It is a new one, discovered on 04/01/2007. Avast! and AVG are not fast in providing rapid updates, I guess... they missed the trojan.

So friends, be careful. It is a new one. Most paid versions detect it, but not all of the free antivirus versions do.

Name: TR/Drop.Delf.YX detected as TR/Delphi.Downloader.Gen by AntiVir
Date discovered: 04/01/2007
Type: Trojan
Subtype: Dropper
In the wild: No
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low to medium
Static file: Yes
File size: 109,056 bytes
MD5 checksum: 7084ec1ce75b6a3521df3e224d5421c7
VDF version: 6.35.01.100 - Wed, 16 Aug 2006 09:57 (GMT+1)
IVDF version: 6.35.01.101

Aliases:
• Kaspersky: Trojan-Dropper.Win32.Delf.yx
• Sophos: Troj/Delf-DKS
• Grisoft: Dropper.Generic.GKO
• Eset: Win32/TrojanDropper.Delf.YX
• Bitdefender: Trojan.Downloader.Delf.ST

Programming language:
The malware program was written in Delphi.

 

Maverick340
Yep. This happened to two of my friends too. The main problem is how the accounts are being hacked. This is a very grave problem, as users keep trying to report instances of accounts being hacked to Google using the Contact Us page on Orkut.
 