Facebook users are being warned not to click on a message that promises to deliver the 'sexiest video ever', as when opened it leads to the download of a programme that fills the computer with junk.
The video link appears in newsfeed together with a picture of a pneumatic model or a woman on an exercise bike wearing a miniskirt.
According to Wired.co.uk, the malware installs 'adware' called Hotbar, which makes the creator money and will pop up adverts when Internet Explorer and Windows Explorer are used.
The toolbar's buttons will change depending on the site, but it will generally open up more unpleasant sites if one clicks the buttons.
It will also install skins for Internet Explorer, Outlook and Outlook express and start collecting user data.
IT security and data protection company Sophos says thousands of people are falling for the trick.
A video demonstrating the scam has been posted to YouTube by Websense Security Labs.
"You may want to watch a sexy video, but you're more likely to end up being plagued by pop-up advertising," Sky News quoted Graham Cluley, senior technology consultant at Sophos, as saying.
"Not only is adware being installed on your computer, but the rogue Facebook application is posting the same message to all of your friends' accounts," he added.
Cluley also said that Facebook users hit by the attack are advised not to click on the links or allow the Facebook application to run.
Victims are urged to scan their computer with up-to-date anti-virus software, change passwords, and review all Facebook applications and settings.