Facebook has a worm. It was bound to happen: As the web has increased in popularity, it was just a matter of time before security bad guys started targeting web applications in earnest. Recent research from IBM suggests that the pace of security vulnerabilities on the web is accelerating.
The worm spreads when a compromised user's account is used to send a message to others with a title such as "LOL. You've been catched on hidden cam, yo:" and a link to a random URL. The linked website is a YouTube-like page that shows a video player along with what looks like a standard browser message to update your Flash installation. Clicking on the button begins a malware installation of a file called "codecsetup.exe."...
The worm uses the friend's picture to make it seem all the more legitimate. Once compromised, keylogging and the like kick in.
In other words, it's even worse than Facebook without the worm. :-)
I'm not a big fan of Facebook - that's not a secret. I think Mike Schroepfer joining Facebook will help. The company is certainly improving the sort of applications that live on its platform. Facebook will work through this issue and will continue to improve, but for now...beware your Facebook friends.