If you have logged in Orkut today, You may have came across Bom Sabado! which means Good Saturday in Portuguese. It is a malicious code or Cookie stealing virus spreading on orkut which floods your Friend’s scrapbook with scraps saying Bom Sabado! This is a major XSS (cross-site scripting) attack which was observed back in February also.
Orkut Officials haven’t given any details but various sources on web confirmed that its a worm that injects a hidden iframe containing a malicious javascript .js [do not click this], which steals the user cookie which contains the password in an encoded form.We cannot confirm whether Bom Sabado is a virus or not but whomsoever is infected should clear cookies and change password immediately from here.
How to access Orkut and stop Bom Sabado?
The attacker do not get to know your plain text password but can login using your credentials by impersonating using the cookie to fool the identification system. So a trivial solution is to disable javascript, another solution is to disable iframes or u can take an advanced measure by blocking the domain by editing your hosts file and redirecting it to a safe address, say 127.0.0.1
Open your Host file with notepad
Windows 95/98/Me c:\windows\hosts
Windows NT/2000/XP Pro c:\winnt\system32\drivers\etc\hosts
Windows XP Home c:\windows\system32\drivers\etc\hosts
and for Windows 7 – C:\windows\system32\drivers\etc\hosts
Add this code at the end -
127.0.0.1 tptools.org
127.0.0.1 www.tptools.org
Windows 95/98/Me c:\windows\hosts
Windows NT/2000/XP Pro c:\winnt\system32\drivers\etc\hosts
Windows XP Home c:\windows\system32\drivers\etc\hosts
and for Windows 7 – C:\windows\system32\drivers\etc\hosts
Add this code at the end -
127.0.0.1 tptools.org
127.0.0.1 www.tptools.org
Still, I would recommend not to use Orkut till the issue is fixed.
No comments:
Post a Comment