In the attack, visitors to the popular social networking website might see an image of a thong-clad woman, posted on a friend's Facebook wall. A visitor who clicks the image is sent to a web page that bears a button stating, "click this button."
Those who click that button activate the worm, which updates their user settings and posts the thong image and link to the user's wall, spreading the link virally.
According to a Facebook spokesperson, the company blocked links to the offending URL and is now removing the malicious links from users' walls.
"Overall, an extremely small percentage of users were affected," the spokesperson said. "As always, we're asking people not to click on suspicious links, even if they've been sent or posted by friends."
Security specialist Roger Thompson posted a demo of the attack on YouTube.
"[The photo link] advertises to all your friends that you went there, so it could get you in trouble with your spouse, family member or your employer if you're doing it at work," Thompson said, adding, "it seems an awfully good hack just to direct people to an adult website for very small gain."
The worm reportedly does not affect visitors using Microsoft's Internet Explorer browser.