Page 1 of 1: Alert: Orkut Scraps you should delete at first notice

BGM · Credits: 103020 My Scrapbook

Beware of these Orkut Scraps which contain Hijacking Scripts

Here are two scraps contianing Hijacking Scripts which i have personally checked and found they are indeed malicious.
They won't steal your passwords but they will scrap all your friends with the same message, without your knowledge.
That can be considered as a "Temporary Hijack" of your Orkut Account.

---------------------------------------------------------------------------------
So Beware if you happen to get a scrap containing these messages:

Possible Malicious Scrap No.1

This isn't a cookie stealing script but a script which leads users to a page describing about "How to make your cell phone battery last longer".
The same page has a warning saying "Never run untrusted scripts while you are logged into orkut".

click to zoom the pic

Now whats fishy about this script is the way it uses to spread.
If you copy paste this script in your address bar and press enter,
It will send mass scraps to all your friends without your knowledge!
This is a practice which is totally unacceptable.

If you happen to get this scrap from a friend, don't suspect him.
He is just another innocent victim who inadvertently helped in the spread of the scrap.

BGM · Credits: 103020 My Scrapbook

Possible Malicious Scrap No.2

click to zoom

This is another script which used to temporarily hijack the users scrapbook.
The numbers in the scrap are actually coded info,
In this link these numbers decode into a personal googlepage which contains an unknown javascript.
The same page got deleted and now a notice :
"This page violated the GooglePages Terms Of Service & Has been deleted" is present there.

BGM · Credits: 103020 My Scrapbook

How to identify Scraps Containing Password Stealing Scripts?

Golden Rule: Never Run any Scripts in your browser (copy-paste-enter) while you are logged into Orkut.
Here are some screen shots of real-time password stealing scraps.
All important info have been blurred to prevent the prorogation of these scripts.

Click to Zoom

If you look at the pictures you will see that i have blurred most of the details except some specific words.

If you happen to see these words in a script in your scrapbook, take it as a Danger Sign.
These words include;
"document.cookie" or
"getCookie" or
"UID=123456722489" or
Random numbers as seen in the Screenshot in the last post or
an unknown link ending with ".js" eg: h t t p : / / a n u n k n o w n l i n k . j s.

These Scripts are potential Cookie Stealing / Hacking / Scrapbook Flooding Scripts and should never be run while u are logged onto orkut.

If you have already ran these scripts by mistake, change your Password as early as possible.

BGM · Credits: 103020 My Scrapbook

Password theft via Fake Log in Pages

This is another common trick Hackers(Crackers) use to steal your password.

Here's an actual password stealing attempt,

Click to Zoom

The Scrap says that some one have made a fake profile of yours & it has a link to that profile.
As per recent changes in Orkut, people can now mask links with words.
It means i can post a word namely "Click Here" and attach a link to it so that only the "Click Here" is visible.
(However the real link will always be visible in the status bar in firefox)
The link in the scrapbook is this one,

But if we look at the status bar at the bottom of the browser,

you will see that the real link leads to a website called "ovkut.com"
The Cracker has intelligently made a Fake Log in Page of orkut.com in the "Ovkut" site.
Actually this Ovkut.com is a custom page made in Google Pages.
(Google Pages allows all those who have a google account to make custom pages)
This proves that the person has purposefully made that page link look similar to the orkut link.
This is indeed a proof of his/her Evil Intentions.

So always check the real link in the statusbar before clicking on a link in a scrap.

blue_mars · Credits: 31739 My Scrapbook My Reading List 3 Books

That is wonderful piece of information bgm..

kausiksur · Credits: 570 My Scrapbook

Thanks a lot....

BGM · Credits: 103020 My Scrapbook

My Pleasure Friends,
The Scrap in the first post is spreading like wildfire in Orkut.
You may be able to see scraps like these in every single scrapbook.
So be extra careful of this particular scrap.

click to zoom

pearllysun · Credits: 15894 My Scrapbook My Reading List 25 Books

BGM · Credits: 103020 My Scrapbook

I have seen that scrap in atleast a dozen orkut scrapbooks!
The Good thing is that it is not a Cookie Stealing Script, so those who ran those scripts are not in risk of Password Theft.
The Bad thing is that it will use your id temporarily for sending the same scrap to every single person in your friends list.
All your friends will see the scrap containing the script in your name!
Sending hundreds of Scraps in spamming and Orkut may delete the Orkut id if many hundreds of scraps are sent in a short time period.

		Sign In New User? Sign Up Sign in to access your control panel and messenger!
				TechZone \| SpiderNevi \| HowTo? \| Scrapbook!