The Dropbox link went down quite fast, it was mirrored by another site nearly instantly and the hack remained in working condition. Then I'm guessing Facebook took down the App and deleted all the comments that were spread.
It all began when a user pasted the value of the jsText variable in the address bar. The script create a new script DOM element and append it to head injecting the malicious links (so that there is no more need to run the bookmarklet-like link.)
The problem here is that the (old) Facebook prompt_page.php page:
It seems as though she is more the victim of some asshole that may or may not know her, that is now trying to extract some revenge by making her life a miserable hell while this mess gets sorted out.
10 comments
[ 2.3 ms ] story [ 26.3 ms ] threadReddits reaction thus far http://www.reddit.com/r/reddit.com/search?q=nicole+santos
Edit: I think facebook has already taken it down, it lasted about 30 minutes.
The problem here is that the (old) Facebook prompt_page.php page:
http://www.facebook.com/connect/prompt_feed.php
doesn't sanitize feed_info[action_links][0][href] allowing javascript: links.