According to one of AVG’s bloggers, the worm spreads as users that are already logged into the social network click on the suggestive photo that is being placed on their walls by infected friends.

Here’s how it works:

On your wall the thumbnail of the worm’s infective page is a link to the page.

fb-booty-wormThe worm’s objective, of course, is that others viewing the victim’s wall will click the link, and as they are logged into Facebook, the worm will spread through peoples walls and continue to irritate the population of facebook, displayed is an image of what to look out for.

THE TECHNICAL STUFF:

This Is known as a CSRF attack.

A sequence of iframes on the exploit page call a sequence of other pages and scripts, eventually resulting in a form submission to Facebook “as if” the victim had submitted a URL for a wall post.

While this attack seems to cause more embarrassment than it does damage to your computer or account, it also seems like one of the easier ones to fall for since all it requires is one click to join the app.  Just try and avoid this one.