Thousands of users on Google's Orkut social networking site were hit at the weekend by a new proof-of-concept worm that spread rapidly using the Portuguese greeting 'Bom Sabado', or 'good Saturday'.
Attacking the site's scrapbook feature, infected users found themselves forcibly joined to a list of bogus Orkut communities, while that user's friends were then then contacted to spread the worm further.
In terms of engineering, Bom Sabado appears spread using a malicious iFrame, which points to a remote file containing obfuscated Javascript.
The main purpose of the worm appears to be simply to try to test out some basic attack parameters, such as the speed and ease of spread, the ability to sign people up to communities. This will mark it out as somewhere between a nuisance attack and more serious proof-of-concept worm.
However, Bom Sabado's success proves that a data-stealing attack could have taken place.
Popular among mainly Brazilian users, Orkut's more limited geographical focus and smaller user base hasn't protected it in the past either. Last December, the service was hit by a similar worm that also appeared designed as a proof-of-concept probe.
Suggested defences against Bom Sabado include closing Orkut Manager and not viewing the scrapbook, or simply disabling browser Javascript or iFrames.