The first web-link embedded on the Facebook's fake profile pages states that 99% of users can't view the video for only 25-secs. Thereafter, it exhibits a girl's photo hiding her face behind the palms. Moreover, viewers are persuaded to hit a tab -"Video Here!" which displays a phony movie player.

On clicking it, users encounter another scam, which promises to show a movie. To download it, they're told about a code that should be pasted inside the address bar of their browser.

However, this code carries a disguised JavaScript that sends out messages to all the contacts of the user if pasted. Subsequently, the code adds a bogus notification of update description to the profile page of the victim to popularize itself.

Roger Thompson, Chief Research Officer at AVG, states that currently there is no clear evidence about the payload's nature although investigation is still on. However, he states that it could possibly be a website, which seeks to automatically charge the user $9.95/month on his cell-phone account, as reported by SoftPedia on July 7, 2010.

It is said that the trick, which asks to paste a particular code into a user's address bar, isn't new. During the end-week of June 2010, a phishing scheme on Orkut demonstrated the same technique that duped users into loading a malevolent JavaScript in their Web-browsers by promising them of certain recharge code for mobile credit at zero cost.

Commenting on this, security researchers stated that while people popularly used browser applications, the latter facilitated the maximum number of opportunities for attack that distributed harmful content. Over and above, most people failed to figure out as to which content meant danger for their PC.

Hence, the experts advise that users should set appropriate security configurations on their browsers and keep all attack warning options enabled.