Saturday, September 25, 2010

Bom Sabado! Orkut Worm!!


Blog moved. I have a new home now at www.rakeshmukundan.in. Do update your bookmarks :)
Today I have been getting many scraps from friends (in Orkut!!!) with just the text "Bom Sabado!". Google Translate tells me that it means "Good Saturday!"; well, it seems like it's going to be a not-so-good Saturday for many!! As time passes, more and more people seem to send these scraps, clearly indicating that this is some kind of worm.
So I thought of digging into it a bit deeper. I created a dummy account so that my normal account would not be affected, then added myself as a friend in the dummy account so that I could monitor it. Then I opened the scrap I got from the dummy account. While inspecting the source code, I found that the suspicion was true: it indeed is the work of a worm!! I found the following iframe code injected along with the message into the scrap.
This injected iframe loads a "worm.js" script from tptoolsorg, which apparently causes all the problems.

Downloading worm.js from the source and decoding it gives me the following observations.
  1.  It uses standard JS objects and XMLHttpRequest to cause all sorts of trouble.
  2.  The code is obfuscated by using octal representation for objects and weird names (eg: _0x7c2bx4) for variables.
  3.  It does the following if you open a scrap page:
  • Makes you join 5 communities.
  • Sends Scraps to all your friends.

The following shows the part of the code that is responsible for the problems.

The main sign of infection is that your browser will hang for a while if you open such a page. If you find this happening to you, close the browser immediately; it will prevent the worm from spreading.


Recovery Methods
  1. Clean all the cookies and private data stored in the browser.
  2. Install Firefox and the NoScript add-on; it will block all scripts. Allow only those you want, but be careful not to allow scripts from tptoolsorg.
  3. Remove all those "Bom Sabado!" scraps from your Scrapbook.
  4. Be careful not to visit any of the infected pages until Google fixes this injection vulnerability.