Wednesday, August 26, 2009

Worm that exploits your friendship

A new threat is spreading through Renren.com, a very popular social networking site in China à la Facebook. The threat comes in the form of a Flash video that poses as the famous Pink Floyd promotional video clip "Wish You Were Here".

Viewing the Flash video causes concealed JavaScript to execute while the video is playing.

The video is hosted on a legitimate site.

The threat exploits an authentication cookie of a currently logged-in user in order to send out the same link to the flash file to users on the Friends list.
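
One way a site operator could spot this propagation pattern in message logs, as an added example that is not part of the original post: it flags accounts that send one URL to many friends in a short burst, then links bursts into hops where a recipient later becomes a sender. The event tuples, thresholds, account names and URLs are constructed assumptions, not Renren data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def make_burst(start, sender, friends, url, step=timedelta(seconds=1)):
    """Build constructed (timestamp, sender, recipient, url) share events."""
    t0 = datetime.fromisoformat(start)
    return [(t0 + i * step, sender, f, url) for i, f in enumerate(friends)]

# Constructed sample data: names, URLs and timings are illustrative only.
URL = "https://video.example/clip.swf"
EVENTS = (
    make_burst("2009-08-26T10:00:00", "alice", ["bob", "carol", "dave", "erin"], URL)
    + make_burst("2009-08-26T10:05:00", "bob", ["frank", "gina", "hal", "alice"], URL)
    # A person sharing a link by hand: same fan-out, spread over hours.
    + make_burst("2009-08-26T09:00:00", "zoe", ["bob", "carol", "dave", "erin"],
                 "https://news.example/a", step=timedelta(hours=1))
)

def fanout_senders(events, window=timedelta(seconds=30), min_recipients=4):
    """Map url -> {sender: burst start} for senders who reached at least
    min_recipients distinct friends with that url inside one window."""
    sends = defaultdict(list)                  # (url, sender) -> [(ts, recipient)]
    for ts, sender, recipient, url in sorted(events):
        sends[(url, sender)].append((ts, recipient))
    flagged = defaultdict(dict)
    for (url, sender), items in sends.items():
        start = 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1                     # slide the window forward
            if len({r for _, r in items[start:end + 1]}) >= min_recipients:
                flagged[url][sender] = items[start][0]
                break
    return flagged

def propagation_hops(events, flagged):
    """Return url -> {(from, to)} where a recipient of a flagged burst later
    produced a flagged burst of the same url (self-propagation signature)."""
    hops = defaultdict(set)
    for ts, sender, recipient, url in events:
        burst = flagged.get(url, {})
        if sender in burst and recipient in burst and burst[recipient] > ts:
            hops[url].add((sender, recipient))
    return hops

if __name__ == "__main__":
    flagged = fanout_senders(EVENTS)
    print(dict(flagged), dict(propagation_hops(EVENTS, flagged)))
```

Because the messages are sent with the victim's own authenticated session, the burst rate and the recipient-turned-sender chain are what separate them from a link the user shared by hand.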
