
Monday, September 27, 2010

orkut virus...................

"Bom Sabado" virus on Orkut – A review

It was Saturday, Sep 25th 2010, in the afternoon, when I switched on my laptop and, as usual, visited the Orkut Help forum. I found several posts asking for details on a text scrap, "Bom Sabado", which I knew nothing about. I too wondered what it was, as I had no idea about it till then. Later, I came to know that it was a worm/virus which had already hit Orkut and was infecting Orkut users badly. According to TechCrunch, it was the third huge web service to face turbulence, after the Twitter and Facebook service failures.

What was Bom Sabado:

"Bom Sabado" is a Portuguese phrase which means "Good Saturday".

It is assumed that the script was coded by some Brazilian hackers who knew well that attacking Orkut/Google on a weekend would give them a big chance to spread this worm, and to a great extent they succeeded too! Until now, a user needed to click on some malicious link or run JavaScript while logged in to Orkut. The most distinctive thing about this script was that it executed automatically when a user merely visited an infected Orkut profile or opened a scrapbook where the malicious code was posted.

When an Orkut user visited an infected profile or clicked on an infected link:

  1. The script executed automatically and the browser "hung" temporarily.
  2. The script then made the user join a few public communities automatically and sent a common scrap, with some hidden script inside it, to everyone in the friends list. The text being scrapped was: "Bom Sabado!" It also made users post malicious code in community posts automatically.
  3. The script also edited the "status message" and "about me" details, inserting malicious code.
  4. As this script was sending too many automated requests, users who got infected and didn't close their browser or log out of the profile were getting an error message something like this (not exact): "Sorry! Your computer is sending too many automated request and we are unable to process it. Please try again later"
  5. The script was also suspected of stealing the cookies of infected users, and that might be true to a great extent. Basically, this script combined all 3 previous scripts which had already been blocked by Orkut: "Common mass scrap", "Cookie stealing" and "Auto execution of malicious codes".

What were the misconceptions about "Bom Sabado":

A few websites had reported that the virus was also causing some damage to the computer system, which wasn't true. This script was only affecting the Orkut profile (or the Google account in a general sense). Also, a few websites claimed that users could safely use Orkut after blocking those sites (by editing the hosts file of the computer system) which were allegedly being used by the hackers to host those scripts, such as convites.001webs.com. Unfortunately, this was simply WRONG!

The idea was that editing the hosts file on the computer system would block and reject all requests to the websites where these scripts were allegedly hosted. Yeah, that would work without any doubt for those sites, but in cases such as these no one knows how many hosting sites are being used (even if someone manages to contact the domain registrar or web host and get those sites suspended, the hacker can host it on another domain), and hence one cannot say for sure that only 2-3 hosting sites have been used and that it's safe to browse after blocking requests to them! It's never wise to do that! ;)
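To make the hosts-file argument above concrete, here is an added example (not part of the original post, and not Orkut's code) that compares a host blocklist with encoding the scrap text before it is shown. The scraps are constructed samples rather than the worm's real payload, `mirror.example.invalid` is a hypothetical second host, and output encoding is assumed here as the general remedy for script hidden in user content; the post does not describe Orkut's actual fix.

```javascript
// Added illustration. The scraps below are constructed samples, not the
// worm's real payload; only convites.001webs.com comes from the post.
const BLOCKED_HOSTS = new Set(["convites.001webs.com"]);

const SAMPLE_SCRAPS = [
  'Bom Sabado!<script src="http://convites.001webs.com/constructed.js"></script>',
  // Same scrap after the script has moved to a new (hypothetical) host.
  'Bom Sabado!<script src="http://mirror.example.invalid/constructed.js"></script>',
  // Plain greeting with no markup at all.
  "Bom Sabado! Have a nice weekend",
];

// Hosts-file style defence: refuse only the hosting sites already known.
function blockedByHostList(scrap) {
  const urls = scrap.match(/https?:\/\/[^\s"'<>]+/gi) || [];
  return urls.some((u) => {
    try {
      return BLOCKED_HOSTS.has(new URL(u).hostname.toLowerCase());
    } catch (err) {
      return false; // not a parseable URL, so nothing to match
    }
  });
}

// Output encoding: every character that could open a tag or attribute is
// turned into an entity, so the browser shows the scrap as text.
function escapeHtml(text) {
  const entities = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return text.replace(/[&<>"']/g, (ch) => entities[ch]);
}

// Compare both defences for each scrap.
function review(scraps) {
  return scraps.map((scrap) => ({
    carriesMarkup: /<\s*[a-z\/!]/i.test(scrap),
    stoppedByHostList: blockedByHostList(scrap),
    rendered: escapeHtml(scrap),
  }));
}

const RESULTS = review(SAMPLE_SCRAPS);
console.table(RESULTS.map(({ carriesMarkup, stoppedByHostList }) => ({ carriesMarkup, stoppedByHostList })));
```

The second scrap carries markup but is not stopped by the host list, while the encoded form of every scrap contains no tag at all, whichever site the script is hosted on.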

The best way to stop the "Bom Sabado" worm was:

1. Not to use the Orkut profile till a fix had been done by the Orkut Team.

2. If someone got infected, he was not allowed to use Orkut, due to the excessive automatic requests sent to the Google server, followed by an error message ("unable to process temporarily"). The best way to stop this was to clear cookies and cache and then change the Google account password (which would change the Orkut password too) from here:

https://www.google.com/accounts/

Present status of the "Bom Sabado" virus:

This virus has been reported to be blocked in an official announcement by the Orkut Team. But we cannot deny the fact that Orkut, being a social networking site, is more vulnerable to such threats, and this kind of attack may be repeated in future too (though the impact may not be as big as this one!). For future reference, Orkut users should always remember and follow what has been posted as the "best answer" in this thread by ghafoortabish (me):

http://www.google.co.in/support/forum/p/orkut/thread?tid=4ef1add575e866b9&hl=en

A few fun facts about "Bom Sabado":

1. Whatever it was, a worm or a virus, it definitely did advertise Orkut a lot :P

A high peak was noted in what was currently trending on Google. Very few people (except people from India, Brazil and Pakistan) knew about Orkut, but this worm was such a hit that it found some space in almost all the biggest online blogs and tech sites, hence drawing the attention of most users across the globe! ;)

2. Almost all the websites/blogs had no details about the issue, and all they could get to post about it was my "reply" in this thread:

http://www.google.com/support/forum/p/orkut/thread?tid=3d2317cae932b48c&hl=en

Oops… If I'd known that my reply would be floating all around, I would have posted detailed information about it, explaining how to protect an Orkut profile from the attack till a fix was done by the Team! Orkut profiles were being blocked temporarily due to excessive automated requests, and only a few users know that an alternate way to change the Orkut profile password is by visiting this link directly:

https://www.google.com/accounts/

and this is what I mainly wanted to let everyone know in that post! o_O  ;)
