Yesterday, Orkut was paralyzed and transformed into a booby trapped minefield by the “Bom Sabado” worm that spread like wildfire. While most of the world was oblivious to the attack, its effect was felt in countries like India and Brazil where Orkut has a sizable presence.
A Google spokesperson issued the following statement:
We took swift action to fix a cross-site scripting (XSS) vulnerability on orkut.com that was discovered early Saturday. We were aware of a script being used to spread messages on orkut, but our analysis of the script code did not reveal any evidence of users’ accounts becoming compromised; nonetheless, the issue is now resolved. We’re in the process of cleaning affected profiles, and we are studying the vulnerability to help prevent similar issues in the future.