“How to access Orkut inspite of Bom Sabado and stop Scrap Flooding”

///////////////////////////////////////////

How to access Orkut inspite of Bom Sabado and stop Scrap Flooding














If you have logged in Orkut today, You may have came across Bom Sabado!

which means Good Saturday in Portuguese. It is a malicious code or Cookie

stealing virus spreading on orkut which floods your Friends scrapbook with

scraps saying Bom Sabado! This is a major XSS (cross-site scripting) attack

which was observed back in February also.



Orkut Officials havent given any details but various sources on web

confirmed that its a worm that injects a hidden iframe containing a

malicious javascript .js [do not click this], which steals the user cookie

which contains the password in an encoded form.We cannot confirm whether

Bom Sabado is a virus or not but whomsoever is infected should clear

cookies and change password immediately from here.





How to access Orkut and stop Bom Sabado?



The attacker do not get to know your plain text password but can login

using your credentials by impersonating using the cookie to fool the

identification system. So a trivial solution is to disable javascript,

another solution is to disable iframes or u can take an advanced measure by

blocking the domain by editing your hosts file and redirecting it to a safe

address, say 127.0.0.1



Open your Host file with notepad



Windows 95/98/Me c:\windows\hosts



Windows NT/2000/XP Pro c:\winnt\system32\drivers\etc\hosts



Windows XP Home c:\windows\system32\drivers\etc\hosts



and for Windows 7 – C:\windows\system32\drivers\etc\hosts



Add this code at the end -



127.0.0.1 tptools.org



127.0.0.1 www.tptools.org



Still, I would recommend not to use Orkut till the issue is fixed.