Google's social networking site is being used to spread a malicious spam campaign, which can open up users' PCs to remote hackers.
The Google Orkut website is being used by spammers to profit from the Web 2.0 functionality of the site, said security firm Websense.
A spoofed personal message, in Portuguese, is being sent from a user allegedly on the Orkut network seeking love. The message contains several links that appear to lead to the official Orkut website.
Clicking on a link actually leads to a malicious executable file, which is a Trojan Downloader named "imagem.exe".
The malicious file opens the legitimate Orkut network login page, and in the background downloads a password-stealing Trojan named "msn.exe".
The Trojans in this attack are hosted on a compromised labour union website from southern Brazil.