Facebook is not immune, it seems, to the many security exploits that have hit MySpace users over recent years. A so-called "Facebook trojan" is making its way around the site.
The trojan masquerades as a Facebook message with a title like "Nice dancing! Shouldn’t you be ashamed?" or "Some0ne thinks your special and has a *Hot_Crush* on you. Find out who it could be".
This mail includes a link - to a free hosting site like GeoCities - that, when clicked, prompts the user to install an .exe file. The trojan then executes a worm called W32.Koobface that locates your Facebook cookies and proceeds to spam your Facebook friends with the same message. Here's the step-by-step:
1. Get a Facebook message with a spammy subject line, think nothing of it
2. Click on a suspicious-looking link within that mail
3. Be running Windows (nothing wrong with that, of course)
4. Ignore all warning messages
If you're a fairly savvy web user, then there's no need to fear: not installing an .exe file from an unknown source is Internet Security 101. And yet, there's word of a nuance that could catch fairly smart web users unaware: the trojan may also attempt to change the user's profile by inserting links to the malicious page.