Yes, Orkut has been hit by a self-spreading worm which did not do any major damage (hopefully) except sending out scraps to your friends on your behalf. This process repeats itself when someone views an infected scrapbook.
External links on this story:
http://www.pcworld.com/article/id,140653-c,worms/article.html
http://orkutplus.blogspot.com/2007/12/breaking-xss-in-scrapbook-if-you-open.html
Orkut allows embedding HTML into the scrapbook. One can add Flash objects also. It seems that the worm creator exploited this option to create the worm.
It seems the Google guys have fixed it now, but it reminds everyone how complex web application security is. Handling Cross-Site Scripting (XSS) attacks in particular is crucial for safe web applications.
As most Orkut users use the same Gmail account with Orkut, Google should be very careful with Orkut, as exploits like these can lead to great damage for the users. Imagine giving out your Gmail authentication information to someone you do not know; how bad would that be? These exploits can be that dangerous. The Google guys should spend some of their bucks on safeguarding Orkut from further exploits. Wake up, Google: OpenSocial is not the only thing you have to take care of in Orkut; there is something more demanding your attention.
I suggest changing your Orkut or Google Account password regularly if it is the primary email you use daily. Change your password at least once every two weeks.
