When a user follows a link to a video in a message, they are redirected to one of many compromised host servers. These display a fake error message claiming that the user's version of Flash is out of date.
The user is then prompted to download or open "flash_player.exe", which is not a Flash update but a Koobface variant.
Once installed, the worm can be used to steal personal data from the infected machine.
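The lure described above leaves a simple trace in web proxy logs: a request for the executable named "flash_player.exe" from a host that is not a legitimate Flash distributor. The following script is an added example, not code from the article or from McAfee, that flags such requests in constructed proxy log lines; the log format, the allowlist of trusted Flash hosts and all hostnames in the sample are assumptions made for the illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample proxy log lines (timestamp, client IP, method, URL, status).
# These are invented for the example and do not describe real traffic.
SAMPLE_LOG = """\
1228000001.123 10.0.0.5 GET http://get.adobe.com/flashplayer/download/ 200
1228000002.456 10.0.0.5 GET http://www.example-video-host.invalid/video.php?id=123 302
1228000003.789 10.0.0.5 GET http://www.example-video-host.invalid/flash_player.exe 200
1228000004.012 10.0.0.7 GET http://cdn.example.invalid/player/setup.exe 200
1228000005.345 10.0.0.9 GET http://mirror.example.invalid/FLASH_PLAYER.EXE?v=10 200
"""

# Hypothetical allowlist of hosts permitted to serve Flash installers (an assumption, not from the article).
TRUSTED_FLASH_HOSTS = {"get.adobe.com", "fpdownload.adobe.com"}

# The filename the article reports for the Koobface lure.
LURE_FILENAME = "flash_player.exe"

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def parse_line(line):
    """Parse one proxy log line into a dict, or return None if it does not match the assumed format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return m.groupdict()


def is_suspicious(url):
    """True when the URL requests the lure filename from a host outside the allowlist.

    The comparison is case-insensitive and ignores the query string, so
    'FLASH_PLAYER.EXE?v=10' is still caught.
    """
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    filename = parsed.path.rsplit("/", 1)[-1].lower()
    return filename == LURE_FILENAME and host not in TRUSTED_FLASH_HOSTS


def find_lure_downloads(log_text):
    """Return (client, url) pairs for GET requests matching the fake Flash update lure."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["method"] == "GET" and is_suspicious(rec["url"]):
            hits.append((rec["client"], rec["url"]))
    return hits


if __name__ == "__main__":
    for client, url in find_lure_downloads(SAMPLE_LOG):
        print(f"possible Koobface lure download: client={client} url={url}")
```

The filename match is deliberately narrow because the article only names "flash_player.exe"; in practice the same check would be extended to the other variant filenames an organisation has observed, and the redirect from the video link (the 302 in the sample) is the second signal worth correlating with the download.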
Facebook is aware of the threat and is trying to purge the spammed links from its system.
"But with dozens of Koobface variants known to exist, the situation is likely to get worse before it gets better," said McAfee.