Orkut Gets Flooded with ‘Bom Sabado’ Scraps
By on September 25th, 2010

If you are amongst the few who still give a damn about Orkut, you might have noticed something fishy going on over the past few hours. A large number of users are randomly flooding their friend’s scrapbooks (Orkut’s equivalent of Facebook Wall) with the following message:

Orkut-Hack-Bom-Sabado

It doesn’t take a genius to figure out that the “Bom Sabado!” messages are automatically generated by a script. However, it is not clear if this is simply a script exploiting vulnerability in Orkut, or have the accounts sending the automated scraps been compromised.

If you are amongst those affected, it’s highly recommended that you follow the steps highlighted below:

  • Switch to the “older version” of Orkut.
  • Log out of Orkut.
  • Clean your browser’s cache and cookies.
  • Log in and change your password and security question.

If you haven’t been affected yet, it is strongly advised that you avoid Orkut until the issue has been resolved. I managed to trigger the same exploit while researching this article. Recently other high profile websites like Twitter and YouTube also fell victim to XSS attacks.

This is a developing story; we will update this topic as soon as we learn more. In the meanwhile, stay tuned to Techie Buzz and don’t forget to share your experience, if you have also been affected.

Update 1: The worm appears to have originated in Brazil, where Orkut is still exceptionally popular. Many of the affected users are noticing the Brazilian flag on their status messages. Additionally, the word ‘Bom Sabado’ means ‘Good Saturday’ in Portuguese, which is the official language of Brazil. We are still awaiting an official response from Google.
Update 2: ‘Bom Sabado’ is now trending on Google.

Bom-Sabado

Update 3: Google has finally responded. An update posted on the official forum claims that the ‘Bom Sabado’ bug has been contained.

We’ve contained the “Bom Sabado” virus and have identified the bug that allowed this and have fixed it.
We’re currently working on restoring the affected profiles.

However, we are seeing new variants of the worm (such as ORKUT 3XPL0!T5) appear, which suggests that the underlying vulnerability is yet to be plugged.

Update 4: Google has officially confirmed that the attack did not lead to any compromised user account information. For more information check our follow-up post.

Tags: , , ,
Author: Pallab De Google Profile for Pallab De
Pallab De is a blogger from India who has a soft spot for anything techie. He loves trying out new software and spends most of his day breaking and fixing his PC. Pallab loves participating in the social web; he has been active in technology forums since he was a teenager and is an active user of both twitter (@indyan) and facebook .

Pallab De has written and can be contacted at pallab@techie-buzz.com.

Leave a Reply

Name (required)

Website (optional)

 
    Warning: call_user_func() expects parameter 1 to be a valid callback, function 'advanced_comment' not found or invalid function name in /home/keith/techie-buzz.com/htdocs/wp-includes/comment-template.php on line 1694
 
Copyright 2006-2012 Techie Buzz. All Rights Reserved. Our content may not be reproduced on other websites. Content Delivery by MaxCDN