Google’s social networking site Orkut has been hit by a web worm. The worm exploited a vulnerability in the site’s “Scrapbook” feature and infected almost 400,000 accounts before it was shut down by removing a download file it needed to operate. Presumably there’s a bug somewhere in the HTML filter that allows malicious JavaScript to get through. The infection spread among Orkut users via the email notification that you have a new scrapbook entry from a friend. It says: “2008 vem ai… que ele comece mto bem para vc” (Portuguese for “2008 is coming… may it start off very well for you”).
