Facebook is not immune, it seems, to the many security exploits that have hit MySpace users over recent years. A so-called "Facebook trojan" is making its way around the site.

The trojan masquerades as a Facebook message with a title like "Nice dancing! Shouldn’t you be ashamed?" or "Some0ne thinks your special and has a *Hot_Crush* on you. Find out who it could be".

This mail includes a link, pointing to a free hosting site like GeoCities, that when clicked prompts the user to install an .exe file. The trojan then executes a worm called W32.Koobface that locates your Facebook cookies and proceeds to spam your Facebook friends with the same message. Here's the step-by-step:

1. Get a Facebook message with a spammy subject line, think nothing of it
2. Click on a suspicious-looking link within that mail
3. Be running Windows (nothing wrong with that, of course)
4. Ignore all warning messages

If you're a fairly savvy web user, then there's no need to fear: not installing an .exe file from an unknown source is Internet Security 101. And yet, there's word of a nuance that could catch fairly smart web users unaware: the trojan may also attempt to change the user's profile by inserting links to the malicious page.

In short: a reminder to never, ever install and execute an .exe file from an unknown source. But we all make mistakes, and if you have been afflicted by W32.Koobface, Symantec has the fix.