Users' PCs were not affected by the Orkut worm: the problem was restricted to the Orkut pages. The virulent virus.js script has since been taken off the net, and scrap books are also said to be free of the malicious code. In addition, Orkut is said to have set up filters which scrutinise content added to scrap books more thoroughly. But the incident is another example for the enormous speed with which malware can spread through social networking pages if users are allowed to add almost any content to their profiles. A similar problem occurred, for example, in MySpace last year, where simply watching an injected malicious Quicktime video was enough to infect the user's profile. MySpace was also almost completely shut down by an XSS worm in late 2005.
- The Orkut Worm Has Landed!, Symantec security advisory
- Orkut spam worm spotted!, McAfee security advisory