Researchers at FaceTime Communications discovered the threat, which spreads through AOL's instant messaging client, and traced its still-under-construction attack profile through servers in the U.S. and South Korea. The exploit remains unfinished, said FaceTime, which found that many of the domains called by initial attack file are missing the necessary infectious file
from what ive experienced, once someone gets this through aim, it sends out a message with the same link posted again to all of their friends on their list.
they click the link that says "check out my new pics" or something and its an excutable and they stupidly run it.