Russian social networking worm wipes hard drive files

Vkontakte is the most popular social-networking website in Russia, with over 12 million users, and is said to be the most popular Russian website, full stop, in terms of visitors (yes, even beating the country's home-grown search engines).


It’s sadly no surprise then to discover that the criminal underground have attempted to take advantage of the site – which bears an uncanny resemblance to Facebook – by spreading a worm.

The W32/VKon-A worm executes its payload at 10am on the 25th of any month, wiping all files on the user’s C: drive. The guys in SophosLabs added specific detection for it yesterday, but Sophos products were already capable of detecting it proactively as Mal/Generic-A.

More information about this threat, including a screen capture of the cartoon it displays when it runs, can be found on the blog run by our friends at Kaspersky Lab.

Of course, this isn’t the first time that a social networking website has been struck by a malware attack. For instance, in December 2007, Google’s Orkut site was hit by an infection which used a cross-site scripting (XSS) attack to infect hundreds of thousands of members’ profiles.

If you’re responsible for securing your business against attacks, you might want to consider once again whether you should have a policy at your web gateway controlling which users can access which websites.