The method used to spread the link is particularly interesting. A Facebook user sees a post on a friend’s wall, with a thumbnail and the caption “New Pix”. Clicking on this link will lead you to the aforementioned video, but it will also spread by posting the same link on your own wall, seemingly without your intervention.
The trick is in the fake Turing test, seemingly set up to determine if the user is human. After you click on the link on Facebook, you’re asked to find the blue button amongst a number of multicolored buttons. This button is actually the Facebook share button: by clicking on it, you’re willingly sharing the link on Facebook, but the entire Facebook page is concealed with the use of two IFRAME elements (for a detailed explanation of how the attack works, see here).
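The concealment only works if the browser agrees to render the target page inside a frame on another site. As an added example (not from the original article), this JavaScript checks a response's `X-Frame-Options` and CSP `frame-ancestors` headers to tell whether a page could be framed that way. The origins and sample responses are constructed, and only exact-origin sources are matched.

```javascript
// Added example: can this response be rendered in a frame on another origin?
// Sample origins and headers are constructed; only exact-origin sources match.

function frameAncestors(csp) {
  // Return the frame-ancestors source list, or null if the directive is absent.
  for (const directive of (csp || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") return sources;
  }
  return null;
}

function framingPolicy(headers, embedderOrigin, pageOrigin) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const sameOrigin = embedderOrigin.toLowerCase() === pageOrigin.toLowerCase();

  // When frame-ancestors is present it is enforced and X-Frame-Options is ignored.
  const sources = frameAncestors(h["content-security-policy"]);
  if (sources !== null) {
    const allowed = sources.some((s) => {
      const src = s.toLowerCase();
      if (src === "'none'") return false;
      if (src === "'self'") return sameOrigin;
      return src === "*" || src === embedderOrigin.toLowerCase();
    });
    return allowed ? "frameable" : "blocked";
  }

  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return "blocked";
  if (xfo === "SAMEORIGIN") return sameOrigin ? "frameable" : "blocked";
  return "frameable"; // no recognised framing restriction
}

// Constructed responses, checked against a hypothetical lure page origin.
const LURE = "https://lure.example", SITE = "https://social.example";
const samples = {
  "no headers": {},
  "xfo deny": { "X-Frame-Options": "DENY" },
  "csp self": { "Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'" },
};
for (const [name, headers] of Object.entries(samples)) {
  console.log(name.padEnd(12), framingPolicy(headers, LURE, SITE));
}
```

A page that comes back as "frameable" for a foreign origin can be overlaid in the way described above.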
Needless to say, this type of attack can easily trick the user into opening something far more dangerous than a YouTube video. You should, as always, be very careful when clicking on any suspicious links on Facebook. This attack currently works only in Firefox and Chrome, but we wouldn’t be surprised to see “fixed” and more dangerous versions of it soon.
(Remember, Facebook might be very secure, but some people might sit at their computers for days, and days, and days just to develop this one virus. So this is a warning, and don’t take it foolishly.)