From zdnet.com
A Polish security researcher has published today details and proof-of-concept code that could be used for creating a fully functional Facebook worm.
This code exploits a vulnerability in the Facebook platform that the researcher –who goes online under the pseudonym of Lasq— has seen being abused in the wild by a Facebook spammer group.
The vulnerability resides in the mobile version of the Facebook sharing dialog/popup. The desktop version is not affected.