# WARNING: Orkut ID Hacked and Testimonial written in some language...!!



## Kiran.dks (Mar 25, 2007)

Today I received email notification that my friend "Raj" has written a testimonial for me. I logged in Orkut and found something bizzare. A testimonial from my friend in some language and a link. I found it strange. My friend Raj revealed that he never wrote a testimonial for me!! He is astonished and so am I too!

The testimonial leads to a website. I clicked on the link. Instead of opening the page, it download a exe file of 145KB. I downloaded it and scanned for spywares. I found nothing. But I am not sure of running the exe.

The whole point in posting this thread is to spread awareness.

Below is the snap shot of the testimonial I recieved. It says it is from Raj(My friend). He never sent it!

*i142.photobucket.com/albums/r116/kiran_rkk/Miscellaneous/1.jpg


----------



## SoFtEcH (Mar 25, 2007)

OMG@ this is weird....


----------



## phreak0ut (Mar 25, 2007)

Thanks a lot for sharing Kiran. Need to spread this news asap!!


----------



## Kiran.dks (Mar 25, 2007)

Ok guys...I did some R&D of the language used. It turned out to be Portugese!!

*Here is the translation:*


> Its presence is a gift for the world You is unico(a) and alone you have an equal person Its life you can be what to want that is Alive the days, only one of each time Counts to its bençãos, its problems You will not surpass them, you happen what to happen Inside of you she has many answers Understands, you have courage, either strong you do not impose limits exactly itself... Many of your dreams are for being carried through. E this image below complements everything what you mean:
> h**p://urlcut.com/img12
> Happinesses 1000!



What the heck is this??? Bloody hacker.


----------



## phreak0ut (Mar 25, 2007)

Guys, I had downloaded the malware and submitted the file to virustotal.com, which does a scan for suspicious behaviour with various antivirus. Here is the report which I got in my mail



> Complete scanning result of "x.exe", processed in VirusTotal at 03/25/2007
> 13:41:39 (CET).
> 
> [ file data ]
> ...



So, be careful of this malware and start deleting the testimonials/messages etc.


----------



## Cool G5 (Mar 25, 2007)

I also got a testimonial from my friend in some unknown language.It was also similar to the above posted one.He also is sure that he did not send it.


----------



## Pathik (Mar 25, 2007)

all this has been happening since long back... did no1 of u know this???... just ignore/delete such msgs/testi/scraps...


----------



## Tech Geek (Mar 25, 2007)

even i recieve it once a weeek
just ignore it and delete it


----------



## Kiran.dks (Mar 25, 2007)

I have received many such scraps. But this is the first time it came as a testimonial using my friend ID. Many others might come across this in future. Please see that you don't click on such links. 

Thanks to phreak0utt for posting the report here. I too sent it to VirusTotal earlier this evening. Still waiting for the report. 

This does throw some light on the capabilities of AntiVirus Products.....
Avast! and AVG has found nothing....now that's strange considering the popularity of these too antivirus products. 
AntiVir, the less popular one has detected it.


----------



## Harvik780 (Mar 25, 2007)

Ya,thanks for the update.I have been using avast for quiet a while but this has made me think again on searching for better protection.


----------



## neilsequeira (Mar 26, 2007)

you idot lol thats a porn bot who wants to kill you ya i mean it its porn bot which is a infilitration in design. go it ? or am i too technical . its a virus or a trojan written by some idiot (Custom made)

**** the intelligent me download this shidd from some orkut freind who was given a testimonial by some fake Orkut ID  one pc in RWW is infected by virus because of me and the dont know. the virus was some file - like pic.jpg.exe


----------



## Kiran.dks (Mar 26, 2007)

neilsequeira said:
			
		

> you idot lol thats a porn bot who wants to kill you ya i mean it its porn bot which is a infilitration in design. go it ? or am i too technical . its a virus or a trojan written by some idiot (Custom made)
> 
> **** the intelligent me download this shidd from some orkut freind who was given a testimonial by some fake Orkut ID  one pc in RWW is infected by virus because of me and the dont know. the virus was some file - like pic.jpg.exe



Do u have any kind of forum ethics? I have seen u always barking and messing up here. Your act against some of our reputed members has been very rude and senseless. Learn some ethics and enter the technical forum.


----------



## shantanu (Mar 26, 2007)

r u sure its in portugese..


----------



## Kiran.dks (Mar 26, 2007)

Yes. I am sure it is portugese. Hence the translation...


----------



## ssdivisiongermany1933 (Mar 26, 2007)

I have stopped using orkut , waste of time


----------



## Tech.Masti (Mar 26, 2007)

Thanks for the information friends.....


----------



## phreak0ut (Mar 26, 2007)

@Kiran-Thanks a lot for the translation. I posted the report in such excitement that I overlooked whatever was posted before. Thanks for letting us all know. Dunno what these guys get by sending such malwares. Well, I'm safe on linux


----------



## alok4best (Mar 26, 2007)

neilsequeira said:
			
		

> you idot lol thats a porn bot who wants to kill you ya i mean it its porn bot which is a infilitration in design. go it ? or am i too technical . its a virus or a trojan written by some idiot (Custom made)
> 
> **** the intelligent me download this shidd from some orkut freind who was given a testimonial by some fake Orkut ID  one pc in RWW is infected by virus because of me and the dont know. the virus was some file - like pic.jpg.exe



Is this Guy trying to act smart..Dude get a life...this is not yahoo chat where u can use chat lingos..whatever u want to say,write in human readable form.  ,if u can write simple English at all...and dont think u r ultimate geek ever born on Earth..


----------



## Kiran.dks (Mar 26, 2007)

BTW, here are details of the trojan.
It is a new one discovered on 04/01/2007. Avast! and AVG are not fast in providing rapid updates I guess...they missed the trojan.

So friends, be careful. It is a new one. Most paid versions are detecting it. But not all of free antivirus versions.

*Name: TR/Drop.Delf.YX detected as TR/Delphi.Downloader.Gen by AntiVir*
Date discovered:	04/01/2007
Type:	                      Trojan
Subtype:	           Dropper
In the wild:	           No
Reported Infections:	Low
Distribution Potential:	Low
Damage Potential:	Low to medium
Static file:	           Yes
File size:	           109.056 Bytes
MD5 checksum:  	7084ec1ce75b6a3521df3e224d5421c7
VDF version:	           6.35.01.100 - Wed, 16 Aug 2006 09:57 (GMT+1)
IVDF version:	           6.35.01.101

*Aliases:*
   •  Kaspersky: Trojan-Dropper.Win32.Delf.yx 
   •  Sophos: Troj/Delf-DKS 
   •  Grisoft: Dropper.Generic.GKO 
   •  Eset: Win32/TrojanDropper.Delf.YX 
   •  Bitdefender: Trojan.Downloader.Delf.ST

*Programming language:*
The malware program was written in Delphi.

More Details


----------



## Maverick340 (Mar 27, 2007)

Yep . This happened to two of my friends too. The main problem is how are the accounts being hacked? This is a very grave problem. As users keep trying to reprot instances of Account being Hacked to Google using the contact us page on orkut.


----------



## alok4best (Mar 27, 2007)

Accounts are being hacked because their respective owners are not alert.U cud be using a Comp on which Keylogger is installed..or u can be a victim of phising,fake web pages,trojans,viruses..etc etc...


----------



## mehulved (Mar 27, 2007)

Always be caredul when using links from tinyurl, snipurl, urlcut and such. If possible ask the person who sent you the link, if that link has been actually sent by them and what it points to and maybe even ask for original link rather. These url snipping services have been misused a lot.


----------



## Pathik (Mar 27, 2007)

tech_your_future said:
			
		

> Always be caredul when using links from tinyurl, snipurl, urlcut and such. If possible ask the person who sent you the link, if that link has been actually sent by them and what it points to and maybe even ask for original link rather. These url snipping services have been misused a lot.


these links r not cloaked...
even if u click on them than after some time wen the page just starts to load u can see the original url in the status bar..


----------



## crystal_pup (Mar 27, 2007)

its a spam ya...


----------



## Maverick340 (Mar 27, 2007)

alok4best said:
			
		

> Accounts are being hacked because their respective owners are not alert.U cud be using a Comp on which Keylogger is installed..or u can be a victim of phising,fake web pages,trojans,viruses..etc etc...


Nahi yaar. These tow friends of mine arent simpletons. They wouldn't have left passwords astray. Theres is something more to it .


----------



## neilsequeira (Apr 14, 2007)

about forum ethics you people should learn what you are doing. i dont want to speak more. i seen the whole forum and this thing has not helped me in anything. i am sorry for this but i am quitting


----------



## K750 (Apr 30, 2007)

i never recieved such things , since i joined orkut


----------

