Last night, I received five scrapbook entries on Orkut saying, “2008 vem ai... que ele comece mto bem para vc”. I’m not sure what that means, if anything, and it surely isn’t something my five friends would have sent me, especially not all at the same time. So I did a little digging.

It appears as if a script hit Orkut last night. The details are a bit sketchy, but apparently if you bring up the scrapbook page with one of these viral scraps in it, it would send that message to all of your friends and join you to a group, ‘Infectados pelo Vírus do Orkut’. Last night, that had 396,849 members. This morning, it is at 690,513 members. The problem is that you cannot unjoin this group.

Google appears to be deleting these scraps as fast as they could and the five scraps were deleted from my scrapbook as well as the one that the virus sent to my wife.

A way to protect against this is to turn off Javascript in its entirety, or to add a tool that partially turn off scripts. I chose the later option, using a Firefox addon called NoScript. It allows you to chose which domains can run scripts and which ones can’t.

I often comment about how I really don’t like Javascript and I encourage people to try and avoid using it. That said, I’ve added a lot of social networking widgets to my site, and just about each one of them requires Javascript. When I went to my website, I found 25 different script sources that I needed to decide whether to authorize or not. This can make sites very slow in loading and people have complained about the slowness of my site.

I went to a friend’s site which is also notoriously slow. It had 22 different script sources, and these sources were substantially different from the sources that I use. Slowly, I’m building up my list of trusted sources, but I stop and wonder, do I want to turn on sites like sitemeter.com or statcounter.com? If I don’t, the sites that I visit will have their actual traffic under reported. If you’ve ever wondered why your access counters don’t match what sites like sitemeter.com and statcounter.com report, this is one of the reasons.

It raises another issue. As we see more Javascript based viruses, like the one that hit Orkut, we are likely to see more and more people opt out of Javascript, and the data collected by script based counters become less and less reliable.

For the time being, I’m going to explore friends’ sites and see how they run with some of their scripts disabled. I’m hoping it will make my browsing safer and faster.