Image via WikipediaThe Bom Sabado infected profiles are automatically posting scraps on the scrapbooks of their friends. The worm is supposed to be hitting your cookies and automatically sending messages to your friends list. Orkut has been the target of such XSS attacks in the past.
The Bom Sabado Worm has affected many orkut profiles. Merely watching the scrap in your scrapbook or your friend's scrapbook may be enough to get your account hacked. The cookies of the viewers of the scrap are stolen and an automatic scrap is posted to their friends list creating a scrap bomb kind of thing.
The affected users are advised to clear their cookies and history immediately after logging out of the website. They are also advised by experts to change the password and security question. If you log in to Orkut using google account, you can change your account password and other settings from the following link.
www.google.com/accounts.
Experts have also advised to avoid logging on to Orkut until the problem is fixed by the engineers.
The micro blogging website twitter was also target of an XSS attack by a computer worm created by Norwegian. The XSS flaw in twitter allowed users to run JavaScript programs on other's computers.
source : http://blog.taragana.com/index.php/archive/bom-sabado-worm-infected-in-orkut/
