A blogger reports that Orkut, the Google-owned social network, has been hit by an XSS worm that seems to have infected over 400K Orkut users.

From the blog:

Right at this very moment, a cross-site script has been spreading like wildfire in Orkut communities due to a flaw in Google’s Orkut.

If you’ve read the following scrapbook entry in Orkut

“2008 vem ai… que ele comece mto bem para vc”

from one of your friends, you’re infected. Simply viewing the message alone is sufficient for your Orkut account to be added to a new community named “Infectados pelo Vírus do Orkut” and be an unwilling new host for the worm. At the time of this writing, the number of Orkut members in Infectados pelo Vírus do Orkut is already at the 400K mark.

But fret not, ’cause according to the author of the worm, Rodrigo Lacerda, this script is not malicious in any way, well, except for making you an unwitting participant in his experiment.

