Saw this same thing on the BBC News site, goes into a little more depth (but not much)

Although there have been malicious bots around for some time instant messaging, security firm IMLogic believes that this is the first time someone has tried to use bot code to help spread a worm around an IM network by pretending to be a legitimate user.

The first sign of attack is a message that appears to come from a contact, offering you a file to download. If you respond then the wormbot tries to persuade you to save the file, and it will even say "lol no its not a virus" (sic) if you ask about the possibility of infection.

If you do open the file then your security software is disabled, a backdoor is installed and the worm will start trying to reach the people on your personal buddy list. So far it does not seem to do any more damage, or steal any sensitive information.
Source: http://news.bbc.co.uk/1/hi/technology/4520766.stm