"The Scrapkut worm uses active code injection to spread between victims
and their friends on Orkut. The malicious code appears on a victim’s
scrapbook, containing a link to a supposed YouTube video.
People who click on the link are redirected to an external site hosting
malware that's disguised as a Flash upgrade. Users duped into
installing the software get malicious Javascript code injected into
their next active Orkut web session. This malicious scrapbook entry is
then sent to all the victims' friends, recommencing the infection
cycle.
An analysis by Symantec can be found here."
Article Link: http://www.theregister.co.uk/2008/02/29/orkut_worm_reloaded/
