The worm spreads when a compromised user’s account is used to send messages to others with a title such as “LOL. You’ve been catched on hidden cam, yo:” and a link to a random URL. The linked website is a YouTube-like page that shows a video player along with what looks like a standard browser message to update your Flash installation. Clicking the button starts a malware installation from a file called “codecsetup.exe.”
Look for 2009 to be the year of security hacks going social. Or forget Social Media; maybe it’s called Social Exploits.
Update: The above link was the wrong link. I was writing a blog post at the same time about the live coverage of the Olympics. My mistake. The post was linked to Techmeme by my error.