Showing posts with label Virus. Show all posts

Sunday, September 26, 2010

How to Stop Bom Sabado Worm? Here is the way!

Anyone whose Orkut account has been affected by the Bom Sabado worm can use this simple trick to get out of this issue. If your account is not yet affected, please follow the steps below to keep this worm away from it.

The worm injects a hidden iframe containing a malicious JavaScript file [do not click this] http: //tptools. org/ worm . js [do not click this], which steals the user's cookie, which contains the password in an encoded form. Even though the attacker does not get to know your password, they can log in to your account by presenting the stolen cookie, which fools the identification system into treating them as you.



So a trivial solution is to disable JavaScript; another solution is to disable iframes. Or you can take an advanced measure and block the domain http : // tptools . org / by editing your hosts file and redirecting it to a safe address, say 127.0.0.1. Go to C:\Windows\System32\drivers\etc, where there is a file named 'hosts'. It is a read-only file. Go to its properties, un-check the read-only option and edit it with your favourite editor. Add this line at the end of it:

127.0.0.1 tptools.org

Save it, and then restart your network interface (in simple words, just reconnect your internet connection). Bingo!! The worm will become useless!!!!
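The hosts-file block described above, as an added example (not code from the original post): it checks which names are actually redirected to 127.0.0.1 and appends only the missing lines. The sample file content and the extra `www.tptools.org` name are constructed, to show that a commented-out line does nothing and that hosts entries match exact names only.

```python
# Added example: audit and update hosts-file text for sinkhole entries.
# The functions work on text, so nothing here touches the real hosts file.
SINKHOLE = "127.0.0.1"

# Constructed sample content, not taken from any real machine.
HOSTS_SAMPLE = """\
# sample hosts file (constructed)
127.0.0.1       localhost
# 127.0.0.1 tptools.org   <- commented out, so it has no effect
10.0.0.5        intranet.example  wiki.example
"""

def parse_hosts(text):
    """Return {hostname: address} for every active (non-comment) entry."""
    mapping = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or malformed entry
        address, names = fields[0], fields[1:]
        for name in names:
            # Hostnames are case-insensitive; keep the first entry seen.
            mapping.setdefault(name.lower(), address)
    return mapping

def missing_blocks(text, hostnames):
    """Hostnames that are not currently redirected to the sinkhole address."""
    mapping = parse_hosts(text)
    return [h for h in hostnames if mapping.get(h.lower()) != SINKHOLE]

def add_blocks(text, hostnames):
    """Append sinkhole lines for the missing hostnames only (safe to re-run)."""
    todo = missing_blocks(text, hostnames)
    if not todo:
        return text
    if text and not text.endswith("\n"):
        text += "\n"
    return text + "".join(f"{SINKHOLE} {h}\n" for h in todo)

if __name__ == "__main__":
    # The www. form is an assumption added to illustrate exact-name matching.
    wanted = ["tptools.org", "www.tptools.org"]
    print("not blocked yet:", missing_blocks(HOSTS_SAMPLE, wanted))
    print(add_blocks(HOSTS_SAMPLE, wanted))
```

A hosts entry only helps while the worm keeps loading its script from that one domain, so it complements rather than replaces the JavaScript and iframe measures above.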

Friday, September 24, 2010

Orkut is attacked by Bom Sabado Worm!!!

In a major XSS (cross-site scripting) attack this week, Google-owned Orkut was flooded with "Bom Sabado" scraps.

The words "Bom Sabado" mean "Good Saturday" in Portuguese, which is also the official language of Brazil, one of the last remaining Orkut bastions in the world.

The worm seems to be posting scraps with the text "Bom Sabado" and also adding affected users to new Orkut groups. Such XSS attacks have targeted Orkut in the past too.

Experts have advised users to avoid logging on to Orkut till Orkut engineers fix the hole and also not to click on any suspicious links. Orkut had just last month announced new updates to the website.

Earlier this week, the popular microblogging website Twitter was also at the receiving end of an XSS exploit. The attack, which emerged and was shut down within hours Tuesday morning, involved an XSS flaw that allowed users to run JavaScript programs on other computers.

Earlier in Sep 2010, the most popular social networking hub with more than 500 million users, Facebook, also faced networking glitches due to an outside technical problem. It was Facebook's most tragic outage in its history.

Thursday, September 9, 2010

'Here you have' e-mail worm hits corporate world!!

A new virus based in e-mails with the subject line "Here You have" began running rampant Thursday, hitting corporate America hard.

So far, the virus has already been sighted at ABC/Disney, Google, Coca Cola and NASA, several individuals with knowledge of the situation said. Comcast was forced to shut down its e-mail servers entirely after being hit, a spokesperson said on Twitter.

E-mails that carry the virus contain a link that encourages readers to click on a PDF document file. But rather than a PDF, the file contains a Windows script that transmits a virus and spams the entire contact list of the person who opened the file.



The worm is similar to the ILoveYou and Anna Kournikova worms, which spread in 2000 and 2001, and is a type of malware that has not been a major problem since around 2002, according to David Cowings, a senior manager with Symantec Security Response. "It looks like we've had a resurgence of mass-mailing worms," he said.

This latest worm seems to do nothing more than send itself out, using the victim's contact list. "It appears to be mailing itself to all of the mailing lists that are in someone's contacts. It may also go to individuals," Cowings said. The worm appeared to be affecting Outlook e-mail users, but it's not clear if it is also affecting users of other mail programs.

The body of the e-mail typically says something like, "Hello... this is the document I told you about, you can find it here." Because the worm is spreading via contact lists, the e-mail often comes from someone the victim knows.

A note posted on the McAfee site Thursday afternoon said: "It looks like multiple variants may be spreading and may take some time to work through them all to paint a clearer picture."

Sunday, January 17, 2010

China tried to hack India's computers: NSA

Chinese hackers have tried to penetrate computers in the offices of National Security Adviser M K Narayanan, a British paper on Monday quoted him as saying.

Narayanan said his office and other Government departments were targeted on December 15, the same date that US defence, finance and technology companies, including Google, reported cyber attacks from China.

"This was not the first instance of an attempt to hack into our computers," Narayanan told The Times in an interview, adding the would-be hackers sent an e-mail with a PDF attachment containing a Trojan virus.

The virus, which allows hackers to download or delete files, was detected and officials were told not to log on until it was eliminated, Narayanan said.

"People seem to be fairly sure it was the Chinese. It is difficult to find the exact source but this is the main suspicion. It seems well founded," he told The Times, adding that India was cooperating with the US and Britain to bolster its cyber defences.

The Chinese government has denied any role in the attacks, with a foreign ministry spokeswoman saying: "Hacking in whatever form is prohibited by law in China."

Narayanan said that while he expected China to be an increasingly high security priority for India, the main threat still came from militants based in Pakistan.

He said Islamabad had done nothing to dismantle militant groups since the 26/11 Mumbai attacks, and criticised Britain for accepting its excuse that such groups were beyond its control.

"The British are still blinkered on this. We believe Pakistan's policy of using terror as a policy weapon remains," Narayanan said, adding India is anxious to prevent an attack from Pakistan during the Commonwealth Games in October.

"From Pakistan's point of view, it's important to disrupt the Games so you can claim that India is not a safe place," Narayanan said.

Wednesday, January 13, 2010

Google threatens to leave China

Google has threatened to close its operations and offices in China after the hacking of email accounts of many human rights activists.

In a statement on its blog on Tuesday, the world's second biggest corporate said it has detected in December "a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google.''

The main goal of the attackers was to access the Gmail accounts of Chinese human rights activists, the statement said. But they didn't succeed as "only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves,'' Google said.

But independent of this attack, Google said it has "discovered that the accounts of dozens of US, China and Europe based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties.

"These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users' computers.''

The Mountain View-based company said it has made "infrastructure and architectural improvements that enhance security for Google'' and urged users to deploy anti-virus and anti-spyware programmes. These attacks, Google said, have forced it to "review the feasibility of our business operations in China.''

The company, which had agreed to censorship of Google.cn at its launch in 2006, said it was "no longer willing to continue censoring our results on Google.cn.''

Google said it will soon hold discussions with the Chinese on whether it can operate an unfiltered search engine. "We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China,'' the blog warned.

Monday, January 5, 2009

Orkut is banned. Muhahaha!! Here is the solution!

Are you not able to use Orkut from your home computer??

"Orkut is banned you fool, The administrators didnt write this program
guess who did?? MUHAHAHA!!"

Are you not able to use Firefox on your computer??

Here is the solution!

If you find those messages when you try to browse, chances are your computer is affected by a virus called w32.USB worm...

w32.USB Worm

It spreads through pen drives, USB and thumb disks, which is why it has that name.

It shows messages like

"I DNT HATE MOZILLA BUT USE IE OR ELSE..."

"USE INTERNET EXPLORER U DOPE"

"Orkut is banned you fool, The administrators didnt write this program
guess who did?? MUHAHAHA!!" with title ORKUT IS BANNED

If you see any of these messages while you are working on your PC,

you are possibly infected with the worm "w32.usb worm".

solution:
*********

1. Press CTRL+ALT+DEL and go to the processes tab

2. Look for "svchost.exe" under the image name. There will be many, but
look for the ones which have your username under the username column.
[username: it is your login name or the default user name which you might have
provided. If you are still not sure, open the Start button; the name that
appears at the top is your "username"]

3. Press DEL to kill these processes. It will give you a warning; press Yes.

4. Repeat for every other svchost.exe entry with your username. Do
not kill svchost.exe with system, local service or network service!

5. Now open the Run command (Start > Run) and type "command" without quotes.

Now you will see the command prompt:
x:\docume~1\
where x [mostly c] is your main drive, followed by your login name.
Now type the following in the command prompt:

c:\docume~1\ cd\
[this will send you to the root directory, i.e. C: in this case]

now

c:\> attrib heap41a -s -h
[this will remove the system and hidden attributes of the folder "heap41a",
which is the main folder the worm plants for autorun]

c:\> rd /s /q heap41a
This will remove the heap41a folder from your system.
If it is not allowed, try logging off and logging in again, go to the command
prompt again and run c:\> rd /s /q heap41a
Now it must be removed.

Now the final part:
open the Run command and type "regedit",
search for "heap41a" without quotes [use the F3 function key for searching]
and delete the entries it finds.

Now you are free to open Orkut.

Finally, also check one more thing:
open My Computer > Tools > Folder Options > View tab,
check the option for hidden folders and files
and check whether unhide is working.
If it is not working, then possibly you might have been infected with
"Ravmon.exe".

Try installing some anti-spyware software like "adaware" and scan your PC
for removal.

That's it.

Don't forget to update your anti virus regularly.....
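Steps 2 to 4 above, as an added example that is not part of the original post: it reads the CSV that `tasklist /v /fo csv` prints and lists the svchost.exe processes owned by anything other than the three service accounts. The sample output, the PIDs and the `DESKTOP\alice` account are constructed, and the account names assume an English-language Windows.

```python
import csv
import io

# Accounts the steps say to leave alone (English-language Windows names).
SERVICE_ACCOUNTS = {
    "NT AUTHORITY\\SYSTEM",
    "NT AUTHORITY\\LOCAL SERVICE",
    "NT AUTHORITY\\NETWORK SERVICE",
}

# Constructed sample of `tasklist /v /fo csv` output; PIDs and user are made up.
TASKLIST_SAMPLE = '''\
"Image Name","PID","Session Name","Session#","Mem Usage","Status","User Name","CPU Time","Window Title"
"svchost.exe","884","Console","0","4,512 K","Running","NT AUTHORITY\\SYSTEM","0:00:03","N/A"
"svchost.exe","960","Console","0","3,980 K","Running","NT AUTHORITY\\NETWORK SERVICE","0:00:01","N/A"
"svchost.exe","1120","Console","0","5,104 K","Running","NT AUTHORITY\\LOCAL SERVICE","0:00:00","N/A"
"explorer.exe","1544","Console","0","18,220 K","Running","DESKTOP\\alice","0:00:12","N/A"
"svchost.exe","2388","Console","0","2,764 K","Running","DESKTOP\\alice","0:00:07","N/A"
"svchost.exe","2412","Console","0","2,800 K","Running","DESKTOP\\alice","0:00:05","N/A"
'''

def suspicious_svchost(tasklist_csv):
    """Return (flagged, unknown).

    flagged: (PID, owner) for svchost.exe owned by a non-service account.
    unknown: PIDs whose owner tasklist could not read (shown as "N/A").
    """
    flagged, unknown = [], []
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        if row["Image Name"].lower() != "svchost.exe":
            continue
        owner = row["User Name"]
        if owner.upper() == "N/A":
            unknown.append(int(row["PID"]))  # rerun elevated before deciding
        elif owner.upper() not in SERVICE_ACCOUNTS:
            flagged.append((int(row["PID"]), owner))
    return flagged, unknown

if __name__ == "__main__":
    flagged, unknown = suspicious_svchost(TASKLIST_SAMPLE)
    for pid, owner in flagged:
        print(f"svchost.exe PID {pid} runs as {owner}")
    print("owner unreadable for PIDs:", unknown)
```

On Windows 10 and later, per-user services legitimately run svchost.exe under the logged-in account, so there a hit is a reason to inspect the process rather than proof of infection.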
