Clicking on the link results in a prompt to download viewing software that is actually a computer worm called Koobface, a variation on the spelling of Facebook.
'It steals your cookie on your desktop; not just for Facebook but for a half-dozen social networking websites including MySpace,' Mr Yaneza said. 'Your account is compromised at that point. Using the hijacked cookie it tries to log in as you, goes through your address book and starts posting messages and comments.'
Internet services routinely install small bits of software, called 'cookies,' on users' computers to store identifying information that can include user names and passwords.
Facebook and other social-networking websites that let outside developers customize Web-2.0 style widgets for users need to beef-up vetting processes to guard against 'rogue developers,' according to Mr Yaneza.
He cited the stringent vetting process that Apple puts developers through before making third-party applications available at iTunes for iPhones and iPod Touch devices.
People can reduce the odds of becoming victims by being selective about friends at social networking websites and not clicking on links that take them outside the walls of their online communities.
Computer users are also wise to use unique complex passwords for each online account so if hackers get hold of one virtual key it won't open other locks, according to Mr Yaneza. -- AFP