Orkut worm feeds on scraps
From social networking to social engineering
Malware authors have written a worm for Orkut, Google-owned networking site that's big in Brazil.
The Scrapkut worm uses active code injection to spread between victims and their friends on Orkut. The malicious code appears on a victim’s scrapbook, containing a link to a supposed YouTube video.
An analysis by Symantec can be found here.
Judging by the counter on a web page associated with the malware (not the most reliable of indicators) about 13,000 users are already infected by the Scrapkut worm, which isn't - for now - doing anything particularly nasty other than spreading.
By contrast an earlier worm that spread across the Orkut network last December infected an estimated 655,000 people. Google plugged the cross-site scripting (XSS) error that made the attack possible hours later, thwarting tfurther propagation of that fast-spreading worm. ®