Google Orkut Worm

US-CERT is aware of public reports of a worm propagating via Google's social network, Orkut. It has been reported that this worm spreads by sending messages to Orkut users. When a user visits an infected Orkut profile, the user becomes infected by a "scrap" that references a remote, malicious javascript file (virus.js).

US-CERT urges users to take the following preventative measures to mitigate the security risks:

• Install anti-virus software, and keep its virus signature files up-to-date.
  
• Block executable and unknown file types at the email gateway.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.