Bom Sabado is an orkut virus affecting profiles of many. Those who are affected by this virus are advised to change password and security question. Log out immediately and also clear the cookies and history.Users are also advised not to open Orkut account until the problem solved. Orkut had just last month announced new updates to the website. It’s a second time Orkut got affected by this kind of viruses. The same virus has hit Orkut last Feb also.
A few hours back, the Bom Sabado virus seems to have started and now it is all over orkut scraps that spreading from friend to friends. It is an auto generated message which is filing your scrapebooks. The scraps come from the friend list and it comes just like any other normal orkut scraps. Users are also advised not to open such scraps. The bug is hitting your cookies and automatically sending messages to your friend list.
If anyone reads this scrap even in their profile, their cookies are also stoled and so they are also posting scrap automatically to their friend list same scrap as bomb something like.
Orkut officials have not clear yet that the Bom Sabado is a virus or not. In week, this is a second XSS attack on a social networking website. The popular microblogging website Twitter was also attacked by a computer worm created by Norwegian. Twitter was received an XSS exploit, the attack, which emerged and was shut down within hours Tuesday morning and involved a XSS flaw that allowed users to run JavaScript programs on other computers.
So do not login to your orkut account,
If you want to change password, use this link www.google.com/accounts/
Solutions:-
Do not visit any profile on Orkut till this script is blocked
Clear your cookies and cache right away and change your password and security question:
Another solution :-
I have already posted a solution at many blogging sites. For everyone whose orkut account has been affected with the %u2018bom sabado%u2019 worm %u2026. The worm injects a hidden iframe containing a malicious javascript http://tptools.org/worm.js [do not click this], which steals the user cookie which contains the password in an encoded form. So the attacker do not get to know your plaintext password but can login using your credentials by impersonating using the cookie to fool the identification system. So a trivial solution is to diable javascript, another solution is to disable iframes or u can take an advanced measure by blocking the domain http://tptools.org/ by editing your hosts file and redirecting it to a safe address, say 127.0.0.1 go to C:windowssystem32driversetc There is a file named %u2018hosts%u2019. By default it is read-only. Go to it properties and uncheck the tickmark beside read-only edit it with you favourite editor. add this line at the end of it 127.0.0.1 tptools.org save it. and then restart your network interface. ( in simple words, just reconnect your interner connection ) and bingo!! the worm%u2019ll be useless. Hope this helps..
No comments:
Post a Comment