He urged users to avoid links that "seem strange," and suggested that they arm themselves with up-to-date antivirus software. "The messages for this issue all have a title that is poorly spelled about seeing a video of someone, the text of the message has 1-3 words in all caps and then a spammy link," said Schnitt.
Koobface is a variant of one that hit MySpace, another well-known social networking service, last August, said McAfee's Schmugar. The earlier version targeted both MySpace and Facebook, he added, but the newest ignores the former and focuses on the latter. There are more than two dozen variants of the worm in circulation.
Facebook has posted a short message on its security page acknowledging the worm's attack. The notice urged users whose accounts had already been compromised to scan their PCs for malware and then reset their passwords.