The virus is called "Bom Sabado", meaning "Good Saturday" in Portuguese. This is yet another XSS attack, the second on a major website this week: earlier this week, Twitter faced a similar attack. There is no official update from Google yet on this issue.
What does it do?
- Makes your browser hang for a moment
- Adds you to the attacker's communities (the Orkut equivalent of Facebook fan pages) without your consent
- Sends a scrap (the Orkut equivalent of a Facebook wall post) to all your friends without your consent, with the text "Bom Sabado" and a piece of code that will perform the same set of actions when your friend logs in to his/her account
How to prevent this?
- Unlike the Twitter XSS attack, this is a severe one that steals your cookies and thereby impersonates your session. If you have logged in to Orkut anytime today, clear your browser's cookies and cache.
- To be safe, change your Google account password and security question. To do this, go to https://www.google.com/accounts
- Do not visit Orkut until Google officially says that they have fixed it. For updates, keep looking here
- If your account seems to be behaving crazy or if it's totally compromised, then see here for a solution.
- Delete your Orkut account and join Facebook!
I badly want to use Orkut now!
Edit your hosts file (Windows - C:\windows\system32\drivers\etc\hosts; Linux - /etc/hosts) and add the following lines:
I will try to update this post once there are some official responses from Google.