[Alert] Orkut Affected By ‘Bom Sabado’ Worm, Stay Away For Now

[Image: Orkut logo]

If you are an avid Orkut user, you might be aware of the new worm that has just been discovered. This XSS (cross-site scripting) attack was allegedly started in Brazil, where the social networking site has more users than in any other country in the world.

The worm hijacks the user account and sends spam scraps to everyone in the user’s friend list. The scraps contain just the words “Bom Sabado” with some links attached; clicking one of them hijacks the recipient’s account as well. The worm also adds some unrelated communities to the infected accounts, and thousands of such infections have already been reported.

[Image: Bom Sabado scrap]
[Image: communities added by the Bom Sabado worm]

The word “Bom Sabado” stands for “Good Saturday” in Portuguese, the official language of Brazil.

Tip: If you notice that your account has been affected by this worm, log out of your account, clear your browser cache and cookies, sign back in, and then change the password and secret question of your Orkut/Google account. If your account shows no trace of hijacking, just stay away from Orkut until the engineers fix the issue.

[How-To] Find Suspicious Activity In Your Gmail Account

Gmail is a popular mail service used by a huge number of users worldwide. Google (Gmail) always warns users to keep a strong password for their Google account, since if a hijacker manages to get your Gmail password, he can access virtually every Google service associated with that account.

The point to note here is that mail services are the most heavily attacked services on the internet, targeted by hijackers and hackers everywhere. So it is our responsibility to keep them safe by setting a strong password and never revealing that password anywhere or to anyone.

But sometimes your account gets hijacked without you even noticing, and all your private data is exposed. As they say, “Prevention is better than cure”, which applies aptly here.

If your account gets hacked, there are few details available to find out who the real culprit is. However, the Gmail team has added an option that displays through which agent your account was accessed (e.g. a browser), along with the country it was accessed from (IP address with country name).

To see where your Gmail account has been accessed from in the last few days, go to the bottom of your Gmail inbox, where you will find the “Last account activity” section. Click on the “Details” link to see the IP addresses of the computers from which your account has been accessed.

[Image: Gmail last account activity details]

If Gmail detects any unusual or suspicious activity in your account (meaning that somebody is accessing it illegally, possibly from a country you have never been to!), it warns you to change your password immediately (see the screenshot below).

[Image: Gmail suspicious activity warning]

So if you are ever concerned that your Gmail account has been hijacked by someone, this is probably the first thing you should do: open the recent activity details from the bottom of your Gmail page and check for any suspicious access to your account.

How many of you have seen “Suspicious activity” alerts in your Gmail? Let us know in the comments.
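The same review can be automated. The following is an added example, not part of the original post or of Gmail: it parses constructed activity lines in the shape of the “Last account activity” details (time, access type, IP address, country) and flags accesses from a country you have never used, plus, going a step beyond the post, two accesses from different countries so close together that one of them cannot be you. The log lines and the TEST-NET addresses in it are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample (not real data) in the shape of the "Last account activity"
# details: time | access type | IP address (country). TEST-NET addresses are used.
ACTIVITY_LOG = """\
2010-09-25 08:12 | Browser | 203.0.113.7 (India)
2010-09-25 21:40 | Mobile  | 203.0.113.9 (India)
2010-09-26 02:05 | Browser | 198.51.100.23 (Romania)
2010-09-26 03:30 | Browser | 203.0.113.7 (India)
"""

LINE_RE = re.compile(r"^(\S+ \S+)\s*\|\s*(\w+)\s*\|\s*([\d.]+) \((.+)\)$")


def parse_activity(text):
    """Turn each activity line into a dict; lines that do not match are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rows.append({"time": datetime.strptime(m.group(1), "%Y-%m-%d %H:%M"),
                         "agent": m.group(2), "ip": m.group(3), "country": m.group(4)})
    return rows


def find_suspicious(rows, home_countries, window=timedelta(hours=6)):
    """Return (ip, country, reason) for each access worth a closer look.

    Two checks: an access from a country you have never used, and two accesses
    from different countries so close together that one of them cannot be you.
    """
    alerts = []
    rows = sorted(rows, key=lambda r: r["time"])
    for i, row in enumerate(rows):
        if row["country"] not in home_countries:
            alerts.append((row["ip"], row["country"], "country never used before"))
        for prev in rows[:i]:
            if prev["country"] != row["country"] and row["time"] - prev["time"] <= window:
                alerts.append((row["ip"], row["country"],
                               f"different country than {prev['ip']} within {window}"))
                break
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious(parse_activity(ACTIVITY_LOG), {"India"}):
        print(*alert)
```

The Indian address in the last alert is flagged too: when two countries appear within the window, the report cannot tell which session is the intruder, so both are listed for review.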

Using reCAPTCHA In Your Website To Prevent Comment Spamming

Webmasters should always be conscious of the comments they receive on their sites. Spam comments in any form can affect a website more than its owner might expect, and sometimes spam content even gets injected into the website’s own domain (read this example).

Webmasters are responsible for the comments on their site, and sometimes comments are even considered part of the site content. Spammers may leave links in the comments that lead to malware or other disgusting content that annoys the typical reader of your site. This is particularly true for blogs. Thankfully, there are plugins like WP-SpamFree (my favourite).

I came across another possible solution to this comment spam problem in this post on the Google Webmaster blog.

Using reCAPTCHA

[Image: reCAPTCHA example]

CAPTCHA (short for Completely Automated Public Turing test to tell Computers and Humans Apart) is a technique that lets you make sure only humans can post comments or interact with other features of your website.

reCAPTCHA is a free service owned by Google that lets you use CAPTCHA technology on your site at no cost. Just sign up for reCAPTCHA, get an API key and use this key to set up reCAPTCHA on your site. If you are using WordPress, just install this WordPress CAPTCHA plugin and configure reCAPTCHA for your blog with your API key.

reCAPTCHA Email Protection (Mailhide):

reCAPTCHA also offers “Email Protection” for free. It works this way:

You may have to reveal your email address somewhere on the web; spammers then harvest it with automated programs and bombard your inbox with loads of spam mail.

When reCAPTCHA Email Protection is enabled for your email, your address is shown in full only to users who enter the CAPTCHA code; everyone else sees it hidden, like this one for example:

john@example.com

To expand that email address, users have to go through a CAPTCHA that filters out automated programs.
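What both uses above have in common is a server-side check before the protected action happens. The block below is an added example, not code from the post, the WordPress plugin or reCAPTCHA itself: it uses the current reCAPTCHA v2 “siteverify” endpoint (the 2010 API the post used has since been retired), keeps the secret key on the server, and gates both a comment submission and the reveal of a protected email address behind the same check. The host name `blog.example` and the `verify` hook for offline testing are assumptions of this example.

```python
import json
import urllib.parse
import urllib.request

SITEVERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"


def call_siteverify(secret, token, remote_ip):
    """Ask Google whether the token submitted with the form came from a solved CAPTCHA."""
    data = urllib.parse.urlencode({"secret": secret, "response": token,
                                   "remoteip": remote_ip}).encode()
    with urllib.request.urlopen(SITEVERIFY_URL, data=data, timeout=5) as resp:
        return json.load(resp)


def token_is_valid(result, site_host):
    """Judge a siteverify reply. 'success' alone is not enough: the reply also
    names the host the CAPTCHA was solved on, and it must be ours."""
    return bool(result.get("success")) and result.get("hostname") == site_host


def captcha_passed(form, remote_ip, secret, site_host, verify=call_siteverify):
    """One gate for every protected action. `verify` is injectable for offline tests."""
    token = form.get("g-recaptcha-response", "")
    if not token:                      # widget never solved, or field dropped by a bot
        return False
    return token_is_valid(verify(secret, token, remote_ip), site_host)


def accept_comment(form, remote_ip, secret, site_host, verify=call_siteverify):
    """Comment handler: store the comment only after the CAPTCHA check passes."""
    if not captcha_passed(form, remote_ip, secret, site_host, verify):
        return False, "CAPTCHA check failed, comment discarded"
    return True, "comment stored"


def reveal_email(form, remote_ip, secret, site_host, address, verify=call_siteverify):
    """Email-protection gate: humans get the address, harvesters only the masked form."""
    if captcha_passed(form, remote_ip, secret, site_host, verify):
        return address
    local, _, domain = address.partition("@")
    return local[0] + "...@" + domain
```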


Using Webmaster Tools To Find Malicious Hacks In a Website

These are the days when many websites (even prestigious ones like FMS; see my post about the FMS hack) are being hacked by malicious parties. These hackers/spammers penetrate the site and insert spammy or dangerous content. Often it does not even appear to the normal users of the website, but when you do a Google search for the website, the results may look like this:

[Image: search result snippet showing “buy generic cialis” text]

[Image: hacked FMS B-School website]

Thanks to Google Webmaster Tools (GWT), the Fetch as Googlebot feature gives webmasters a breather. Fetch as Googlebot fetches any page of your site exactly as it appears to Googlebot.

Just log in to Webmaster Tools and click on Fetch as Googlebot under the “Labs” section of your website’s profile dashboard.

[Image: Fetch as Googlebot in Webmaster Tools]

Fetching a webpage as Googlebot

Now enter the URL of the particular page you want to fetch as Googlebot, or leave it blank to fetch the homepage of your site.

[Image: Fetch as Googlebot result with HTTP 200 success]

Results of Fetch as Googlebot

There you go! There is the spammy content that is being injected. GWT made this easy for you through the ‘Fetch as Googlebot’ option. This confirms that the site has been hacked; the next step is to contact your server administrator or your hosting provider to take further action.

Illustrative Images via Google Webmaster Central Blog post.
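Injected content that hides from normal visitors but shows to the crawler is usually keyed on the User-Agent, so a site owner can run a first-pass version of the check described above from their own machine. The following is an added example, not code from the post or from Google’s tools: it fetches one URL as a browser and as Googlebot, strips markup from both, and reports the words only the crawler received, together with the pharmacy terms among them. The two HTML samples, the browser User-Agent string and the spam word list are constructed for this example.

```python
import re
import urllib.request

GOOGLEBOT_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
BROWSER_UA = "Mozilla/5.0 (Windows NT 6.1) Gecko/20100101 Firefox/3.6"
# Vocabulary of the pharmacy spam seen in the screenshots above.
SPAM_WORDS = {"cialis", "viagra", "pharmacy", "generic"}

# Constructed samples: the page as a visitor sees it and as the crawler sees it.
BROWSER_HTML = """<html><head><title>Faculty of Management</title></head>
<body><h1>Admissions 2010</h1><p>Apply online for the MBA programme.</p></body></html>"""
GOOGLEBOT_HTML = """<html><head><title>Faculty of Management</title></head>
<body><h1>Admissions 2010</h1><p>Apply online for the MBA programme.</p>
<div style="display:none">Buy generic cialis online, order viagra cheap</div></body></html>"""


def fetch(url, user_agent):
    """Fetch one URL announcing the given User-Agent."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8", "replace")


def visible_words(html):
    """Lower-cased word set of the page text, with scripts, styles and tags removed."""
    html = re.sub(r"(?is)<(script|style).*?</\1>", " ", html)
    text = re.sub(r"<[^>]+>", " ", html).lower()
    return set(re.findall(r"[a-z0-9]+", text))


def crawler_only_content(browser_html, googlebot_html):
    """Return (words only the crawler received, the spam words among them)."""
    extra = visible_words(googlebot_html) - visible_words(browser_html)
    return sorted(extra), sorted(extra & SPAM_WORDS)


def check_url(url):
    """Live check of your own site: fetch it both ways and compare."""
    return crawler_only_content(fetch(url, BROWSER_UA), fetch(url, GOOGLEBOT_UA))


if __name__ == "__main__":
    extra, spam = crawler_only_content(BROWSER_HTML, GOOGLEBOT_HTML)
    print("only Googlebot sees:", extra)
    print("spam terms:", spam)
```

Some injected code keys on Googlebot’s IP ranges rather than the User-Agent, so a clean result here does not rule out an infection; Fetch as Googlebot, which requests the page from Google’s own infrastructure, remains the authoritative check.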

FMS Website And Its Hacking Woes

The website of the Faculty of Management Studies (FMS), a Delhi B-School, was compromised by hackers a couple of days ago; since then a Google search for FMS or fms.edu has been yielding the weird result shown in the screenshot below.

There has been an official statement from the management of FMS, as seen on the Times of India website.

[Image: hacked FMS B-School website in Google search results]

Below is the screenshot of Google’s cache of fms.edu as seen on Nov 5.

[Image: cached version of FMS website]

The site may have been compromised around Nov 4-5, but since Google updates its index on a weekly basis, we are still seeing the weird “Online Cialis, Oder Viagra” string in the search result snippet.

Thankfully, no damage has been done to the website.

This clearly shows the need for educational and similar institutions (both government and private) to think seriously about the security of their websites and of the important private data they store through them.