“Google takes the security of our users very seriously. We worked quickly to implement a fix for the issue recently reported in Orkut. We also took steps to help prevent similar problems in the future. Service to Orkut was not disrupted during this time”, said one of the Google’s official spokesperson in an email response.

Orkut, Google’s first initiative at social networking, was launched in January 2004 and named after its creator and Google employee, Orkut Buyukkokten. The site is reported to have more than 67 million registered users across the globe. Rout however lags behind the most popular social networking websites MySpace that boasts 110 million users.

Trend Micro antivirus engineer Robert McArdle published a blog entry on Wednesday afternoon warning that a worm was replicating itself across Orkut using a Flash object that invokes malicious JavaScipt code.

“The attack works due to Orkut allowing users to embed Flash content in their scrap posts (although it does filter for normal XSS techniques),” reported McArdle in his blog post. The author of this worm-script appeared to have created a SWFObject that calls the malicious JavaScript and this object could use the script to bypass Orkut’s filters.”

The worm attack took a start with just an e-mail message alerting Orkut users that they have a new entry in their Scrapbook. An Orkut user normally visits the scrapbook to receive and send communications to other friend orkut members. Viewing that entry was sufficient to initiate malicious JavaScript that sent a copy of the infected entry to the Orkut user’s contacts. This way the users were put at greater risk of infection.

According to Robert McArdle, the worm was a proof-of-concept attack. “The possible implications of a more malicious attack in the future however are much more worrying,” he said.

A number of security firms and organizations across the world have warned that social networking sites are likely to be exploited more frequently in 2008 being the easiest targets involving millions of users.

“Social networking is a new risk,” reported GetSafe Online, a U.K. security organization backed by the government and tech companies, in conjunction with a November press event. “Twenty-five percent of people surveyed shared confidential information with strangers on social networking sites”.