It's an interesting interaction between flash and JavaScript. My understanding is that Orkut allows your friends to use arbitrary HTML commands. This was used to load up a bit of flash that downloaded a JavaScript file and execute it (from hpp://files.myopera.com/virusdoorkut/files/virus.js).
The JavaScript uses Web 2 technologies (AJAX) to do it's stuff, so that you don't see it working. Roughly, it does the following:
- Joins you to a community (/CommunityJoin.aspx?cmm=44001818)
- Uses the Compose.aspx in order to gain a list of your friends
- Sends each one a scrap containing the JavaScript
There doesn't appear to be any payload attached to it, so it just infects a bunch of people and then does nothing.