Orkut - Under Attack

Looks like the script support in orkut scraps and profile is causing devasting effects to its users.daily there are new worms coming up which scraps everyones scrap book and send some stupid message.this messages are either contains some pornographic image or some trick to view others locked profile.
Most of the orkut users are not expert in the security,imagine that the HR girl in your company ;)so here is one more orkut worm which is spreading in wild.i got a chance to analyze it as someone in my freinds list opened it and run the javascript,which fortunatly srapped all the people in his/her friends list.
here is how this scrap looks:-

on clicking on the profile link it takes you to following URL:-
http://www.orkut.com/Profile.aspx?uid=3282418804168607280

it says tht she is an MTV roadies girl(you became excited) then in the about me section she tells you a trick:-

there she says to run a javascript.here you can see the source code of malicious script:-
http://mrnoobrulez.110mb.com/orkut0.js

thing is simple it will made you to join some community,will append scrap to all you friends and no,you can not see the albums which are looked,thats a neat social engineering technique.

the author of this as he calls himself mr.noob he is fooling others easily.
so be aware of such tricks and make sure you don't run such scripts.

Cheers,
SecGeek