Orkut Attacked by Bom Sabado (Google update in description below)
Loading...
Uploaded by madhubani36town on Sep 25, 2010
UPDATE(monday)
A Google spokesperson issued the following statement: We took swift action to fix a cross-site scripting (XSS) vulnerability on orkut.com that was discovered early Saturday. We were aware of a script being used to spread messages on orkut, but our analysis of the script code did not reveal any evidence of users' accounts becoming compromised; nonetheless, the issue is now resolved. We're in the process of cleaning affected profiles, and we are studying the vulnerability to help prevent similar issues in the future.
********************************************************************************
The worm injects a hidden iframe containing a malicious javascript http://tptools.org/worm.js [do not click this], which steals the user cookie which contains the password in an encoded form. So the attacker do not get to know your plaintext password but can login using your credentials by impersonating using the cookie to fool the identification system.
1)So a trivial solution is to diable javascript, another solution is to disable iframes or u can take an advanced measure by blocking the domain http://tptools.org/ by editing your hosts file and redirecting it to a safe address, say 127.0.0.1
go to C:\windows\system32\drivers\etc\
There is a file named 'hosts'. By default it is read-only. Go to it properties and uncheck the tickmark beside read-only
edit it with you favourite editor.
add this line at the end of it
127.0.0.1 tptools.org
save it. and then restart your network interface. ( in simple words, just reconnect your interner connection ) and bingo!! the worm'll be useless.
2)Another Solution:
Worm Inject a hidden iframe so better avoid it use this simple firefox technique to browse securely: https://docs.google.com/document/pub?id=1AadoIcyLNdMQF8fH2P98I5GWAVoaf05YzcTY...
Hope this will work :)
Uploader Comments (madhubani36town)
All Comments (10)
-
Thir is some more problum > unwanted communities have joind automatically.
how to get ride.
-
it's a virus(worm) affected millions of accounts today!!
-
What is this.. Bom sabado! is it a Virus or Something???
Brasil ka Virus Lagta hai
-
bhag bhosdi...
4:39
Orkut attacked by 'Bom Sabado' wormby AyogRai2,313 views- 0:36
Orkut attacked by Bom Sabado worm - ( Updated Help - How to stay away !)by vuzuman680 views
- 0:45
Google.com cross site scriptingby anjin33945 views
- 0:25
Orkut gets Hacked by ' Bom Sabado ' Virus - Rectified - Says Googleby enriquemovies469 views
- 1:05
HACK ANY ORKUT ACCOUNT PASSWORD.DATby gufran11739,015 views
- 2:36
How to remove Google Update from Windows Servicesby PeteRoy7,000 views
- 1:36
Bom Sabado virus Orkut hacked.aviby rjwebzone332 views
- 8:11
TreeFM , Send mass amount of Scraps in Orkutby OrkutTutorials14,767 views
- 0:44
orkut bom sabado worm Prevent Solutionby nicky5616228 views
- 8:14
to add song in abot me on orkut.wmvby syedmohdalihasan5,175 views
- 4:31
hack orkut password (2010)by MrHacker213140,267 views
- 9:46
[01/03] Rose bom bom - Sabado - PapaGby Ponchop37,232 views
- 2:48
Bom-Sabado.mp4by mahaveer1976197 views
- 8:08
Como colocar Alerta no seu orkut (xss) | How to put on your orkut alert (xss)by William20081,034 views
- 5:44
Luiz Moreno entrevistando Rodrigo Lacerda (Rodlac)by umpecado4,281 views
- 2:55
BOM SABADOby sidhartRON332 views
- 3:18
Attack site example attempting to take control of computer 2010_08_19 10:30AMby maeon33,924 views
- 0:47
orkut password hackingby sangeet3335534,879 views
- 5:17
H20® /EIC Defenders from PORTUGAL - Um bom sabadoby GFTIME471 views
- 1:12
Find security bugs in your PHP applications in an instantby bschotte5,773 views
Google has finally responded through an official forum,they are claiming to have identified the bug that allowed this and have fixed it.
They’re currently working on restoring the affected profiles.
However, few people are claiming for new variants of the worm (such as ORKUT 3XPL0!T5) appear, which suggests that the underlying vulnerability is yet to be plugged.
madhubani36town 1 year ago
The worm injects a hidden iframe containing a malicious javascript, which steals the user cookie which contains the password in an encoded form. So the attacker do not get to know your plaintext password but can login using your credentials by impersonating using the cookie to fool the identification system.
madhubani36town 1 year ago
Use m.orkut.com to open the non html version of orkut to check your scraps.
This is the mobile version of Orkut which is working.Check the scraps and sadly though u cant delete them.
madhubani36town 1 year ago
Hey I have solv that probs... just clear the cookies > dont need to change password..
MrKeshavnaidu 1 year ago
@MrKeshavnaidu but thats not the issue,issue is that if the hackers have got your password(encrypted) through cookies then you sud change that b4 smething else happens to you
madhubani36town 1 year ago
The worm appears to have originated in Brazil, where Orkut is still exceptionally popular. Many of the affected users are noticing the Brazilian flag on their status messages. Additionally, the word ‘Bom Sabado’ means ‘Good Saturday’ in Portuguese, which is the official language of Brazil
madhubani36town 1 year ago