A XSS attack on Orkut affected about 600K+ users yesterday (including myself)
Here is the coverage on The Register – http://www.theregister.co.uk/2007/12/19/worm_hits_orkut/
This blog post here are great details including the source code – http://antrix.net/journal/techtalk/orkut_xss.comments
This could be the start. I see FB & GOOG becoming targets of virus/worms that have traditionally been reserved for MSFT.
A good way to protect yourself would be to use Firefox & install Adblock Plus & NoScript .
I have been using Firefox with Adblock Plus and its pretty awesome. I have ad free surfing experience thanks to AdBlock Plus. 😉