Did u suddenly notice that your "about me" in ur orkut profile suddenly changed to spam ?
And also your webpage ! Did it change to something like this ? http://www.aprendendoaqui.com.br
Then U fell for a Phishing Scam !
Link to this article : http://johndasfundas.blogspot.com/2009/08/fake-orkut-page-stole-your-password.html
Phishing means using a fake email or website to fool someone into giving up his/her personal information or username and password.
Orkut is a social networking site very popular in India and Brazil and somewhat popular in the rest of the world, mostly because is now a Google brand.
This particular Orkut phishing used a fake orkut website hosted at a free webserver (so that they did not have to spend any money, and more importantly so that they cannot be traced )
They host it at http://see-my-new-pic.awardspace.biz/ (DONT go to the link !! Atleast don't give ur password there !!)
The links they put in your profile "about me :" are like this :
!! HI GUYS , DO YOU LIKE SEX AND WANT TO MEET SEXY HOT PORNSTARS, AND FUCK THEM? !!
!! THEN CHECK OUT THESE NEW UPDATES DONE BY ORKUT FOR SOME SPECIAL PEOPLE
GO HERE TO VIEW WEBCAM OF HOT MODELS
GO HERE TO SEE NUDE PICS AND VIDEOS OF HOT MODELS
0FFICIAL ORKUT SEX CHAT ROOM BY GOOGLE
COME HERE TO SEE HOT MODELS NAKED AND NUDE
COME HERE TO GET A CHANCE TO MEET SEXY PORNSTARS
GO HERE TO GET PHONE NUMBER OF HOT MODELS
GET PHONE NUMBERS OF OTHER MUMBAI MODELS
COME HERE TO GET A GOLDEN CHANCE OF DATING PRIYANKA CHOPRA
LATEST PORN AND XXX MOVIES FOR YOUR MOBILE PHONES RECENT DELHI MMS CLIPS AND ALL THE RECENT FUCKS
G0 HERE T0 MEET H0T AND SEXY GIRLS IN MUMBAI
GET A CHANCE TO FUCK HOT MODELS IN YOUR HOUSE
SEX CHAT ROOM
Its obviously porn spam, and if u click on it, it takes u to a fake orkut page at http://see-my-new-pic.awardspace.biz/
"webpage:" being changed to http://www.aprendendoaqui.com.br
The second one has been disabled, probably by the appropriate authorities, but the fake page at AwardSpace free hosting is still working as I write this article.
Hope AwardSpace disables the fake site and catches the culprits. Hopefully they can trace the IP address from where it was programmed and set up.
Easy Starter Hosting Plan with 200 MB free space and 5GB/month bandwidth, they can get quite a number of phish from orkut.And they have cleverly hotlinked the images from the real orkut site, meaning they reduce their bandwidth load and leech it from the real orkut !!!!
Q. What should I do if I am affected by http://see-my-new-pic.awardspace.biz scam ?
First of all "DONT PANIC !"
Then, as soon as possible, Change your Password.
If you are able to change your password, very good !
Q. How do I change my orkut password ?
From here https://www.google.com/accounts/ManageAccount
The option is hidden in the settings, which is on the left side of ur orkut page.
Its on your Orkut Home page ( http://www.orkut.co.in/Main#Home.aspx )
On the left side, just above the "invite friends" box, between updates and spam.
Once you click and go to the settings, and scroll to the bottom in "general" tab.
Look for this "to change your password, visit your Google Account Settings "
This is what u want https://www.google.com/accounts/ManageAccount?hl=en-US
Q. What next after changing password ?
Well, if ur profile has been edited and filled with porn links, u might want to remove it !
Go to ur profile page ( http://www.orkut.co.in/Main#Profile.aspx )
Click the "Edit" button for the "about me:" and change it back.
After that, click "View full Profile" (at the bottom)
Scroll to "webpage:" and click the "Edit" button and change ur website ( to http://www.fundazone.com if u want to promote my website)
And u are done !
Don't forget to inform your friends about this fake orkut website. Especially the person in whose profile u accidentally clicked the link.
And better to put it in your scrapbook and even status message for a few days.
Link to this site for the removal instructions.
Hope this has helped someone. I din't think I'll waste so much time in writing this blog post.
A variant puts the following message in the "about me:" Same cure as above.
CHECK MY NUDE PICTURES
( Redirects to http://mysecretpics.awardspace.biz/ )
ALL SKINS POWERED BY
When will they stop ?
Is this part of a botnet ?
Here's a list of domains and IP's many are Reported as attack sites.
Rate RED; these have been verified as currently active
Alliance and Leicester phishing botnet
I previously rated this back in May 2009 from this DNS-BH blog post
currently parked, but IMO it's best to catch it before it's a problem
- Here's a "kicker"
This domain's DNS does not resolve, though it previously listed name servers do.
- Created: 2009-06-05
Organization : cheng wu
Name yang jing zhong
Province/State : hubeisheng
Postal Code 430000
Domain Status:On-hold (generic)
Orkut now gives a warning when accessing such profiles :
They have started changing the orkut status message like other orkut worms used to do.
This will increase the rate of spread of this drastically.
CHECK MY NUDE PICTURES : mysecretpics.blogspot .com (remove spaces)