AVG Technologies reported a new worm targeting Facebook users. The worm spreads by putting an alluring picture of a woman on the profile pages belonging to people it infects. The picture will also appear in the person's News Feed.

If you click the picture, it takes you to a malicious site that will ask you to click on a picture if you "want 2 c something hot."

Unfortunately, all the user gets is a worm.

"This worm uses what is technically known as a CSRF (Cross-Site Request Forgery, also called XSRF) attack," blogged Nick FitzGerald, emerging threats researcher at AVG. "A sequence of iframes on the exploit page [calls] a sequence of other pages and scripts, eventually resulting in a form submission to Facebook 'as if' the victim had submitted a URL for a wall post and clicked on the 'Share' button to confirm the post."