I won't mention any names :) but a friend of mine accidently clicked at a link which he got on from a pal using MSN Messenger.

The IM message was saying:

Is this your photo? hxxp://youtube.my3gb.com/index.php?=xxx@hotmail.com

xxx@hotmail.com is your own hotmail address.

The worm we spotted behaves in this way:

Clicking on the received link will execute the worm and infect the computer. In this way it will continue to spread itself to other users. It copies itself to the Windows folder and runs in stealth all the time. It may run under the name wksvcsc.exe causing MSN messenger to send out auto messages to all people on user's MSN-friend list. Its purpose is to spread itself through social engineering techniques, which make victims believe they received the link from a trustworthy source.

Never open links even if they come from your best friends, especially not if a .zip, .rar .exe, .scr, .com file is attached in the message. If you get hold of the file, one idea is to send it to us through our new ThreatWork client and have our research team take a closer look at the suspicious file. Be careful and make sure to avoid double clicking on the files you send to us. If you don't have Ad-Aware 2008 download it from http://www.lavasoft.com. When installed navigate to Start Menu --> Programs --> Lavasoft --> Ad-Aware --> ThreatWork. Open the client and attach the files you want to send.