Right at this very moment, a cross-site scripting (XSS) worm is spreading like wildfire through Orkut communities due to a flaw in Google's Orkut.
If you've read the following scrapbook entry in Orkut
"2008 vem ai... que ele comece mto bem para vc"
from one of your friends, you're infected. Simply viewing the message is sufficient for your Orkut account to be added to a new community named "Infectados pelo Vírus do Orkut" and to become an unwilling new host for the worm. At the time of this writing, the number of Orkut members in Infectados pelo Vírus do Orkut is already at the 400K mark.
From what I can grasp from scanning through the script, it appears to work this way. First, it'll add you to http://www.orkut.com/CommunityJoin.aspx?cmm=44001818. Next, it'll load and extract your entire friends list and send itself to them, thus completing the infection cycle. It can do this because Orkut allows HTML to be inserted into scraps.
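Since the root cause described above is that scraps accept HTML, here is an added example (not part of the original post and not Orkut's code) of allowlist rendering for user-submitted scrap text: everything is escaped by default and only a few formatting tags are re-emitted without their attributes. The names `renderScrap`, `ALLOWED_TAGS` and `SAMPLE_SCRAP` are hypothetical, and the sample input is constructed.

```javascript
// Added example: allowlist rendering of user-submitted scrap HTML.
// renderScrap, ALLOWED_TAGS and SAMPLE_SCRAP are hypothetical names, not Orkut code.
const ALLOWED_TAGS = new Set(["b", "i", "u", "br", "a"]);

function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Only absolute http(s) links survive; javascript:, data: and relative URLs are dropped.
function safeHref(raw) {
  try {
    const u = new URL(raw);
    return u.protocol === "http:" || u.protocol === "https:" ? u.href : null;
  } catch {
    return null;
  }
}

function renderScrap(input) {
  // Matches one tag, allowing '>' inside quoted attribute values.
  const tagRe = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)((?:"[^"]*"|'[^']*'|[^'">])*)>/g;
  let out = "", last = 0, m;
  while ((m = tagRe.exec(input)) !== null) {
    out += escapeHtml(input.slice(last, m.index)); // text between tags is always escaped
    last = tagRe.lastIndex;
    const [whole, closing, rawName, attrs] = m;
    const name = rawName.toLowerCase();
    if (!ALLOWED_TAGS.has(name)) {
      out += escapeHtml(whole); // embed, object, script, iframe... shown as inert text
    } else if (closing) {
      out += name === "br" ? "" : `</${name}>`;
    } else if (name === "a") {
      // Rebuild the tag from scratch: every attribute except a validated href is discarded.
      const h = /\bhref\s*=\s*(?:"([^"]*)"|'([^']*)')/i.exec(attrs);
      const href = h ? safeHref(h[1] ?? h[2]) : null;
      out += href ? `<a href="${escapeHtml(href)}" rel="nofollow noopener">` : "<a>";
    } else {
      out += `<${name}>`; // formatting tags are emitted bare, so event handlers never survive
    }
  }
  return out + escapeHtml(input.slice(last));
}

// Constructed sample scrap: harmless formatting plus markup a scrapbook should never render.
const SAMPLE_SCRAP =
  'Happy <b onmouseover="x()">2008</b>! <embed src="https://example.invalid/a.swf">' +
  '<script src="https://example.invalid/w.js"></script>';
console.log(renderScrap(SAMPLE_SCRAP));
```

The sanitizer does not balance tags, so an unclosed `<b>` can still affect layout; a production renderer would close open tags or use a maintained HTML sanitizer library.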
Apparently "2008 vem ai... que ele comece mto bem para vc" roughly translates to "2008 is coming... that it begins is really good for you". It doesn't seem to look that way for Orkut engineers.
Edit: Btw, the excessive traffic generated by this script is partly because it will continually attempt to contact Orkut's servers if it fails to do what it wants on the first try (force you into the above-mentioned community and load your friends list).
Update: The original script location now returns an empty file. That should prevent any new infections from now on. Note that while many folks think that the Flash file is somehow malicious, I'm quite sure that it isn't because http://www.orkut.com/LoL.aspx (source of the Flash) doesn't even exist!
Btw, you should thank Rodrigo Lacerda for highlighting this vulnerability in such a manner.
[Orkut XSS @ Sounds From The Dungeon]