'Bom Sabado' attack on Orkut

In the second major XSS (cross-site scripting) attack on a major social networking service this week, Google-owned Orkut was flooded with “Bom Sabado” scraps.

The phrase “Bom Sabado” means “Good Saturday” in Portuguese, which is also the official language of Brazil, one of the last remaining Orkut bastions in the world.

The worm seems to be posting scraps with the text “Bom Sabado” and also adding affected users to new Orkut groups. Such XSS attacks have targeted Orkut in the past too.

Experts have advised users to avoid logging on to Orkut till Orkut engineers fix the hole and also not to click on any suspicious links. Orkut had just last month announced new updates to the website.

My suggestion is not to even click on the “Bom Sabado” text, as it mainly spreads through JavaScript, which gets initiated when a user clicks on the scrap with the text “Bom Sabado”, and also not to go to any fake community links added to your account.

Earlier this week, the popular microblogging website Twitter was also at the receiving end of an XSS exploit. The attack, which emerged and was shut down within hours Tuesday morning, involved an XSS flaw that allowed users to run JavaScript programs on other computers.