This message could lead you to the Koobface virus, say security experts.

(Credit: McAfee Avert Labs)

A worm responsible for sending Facebook users malicious code appears to be limited in nature, although the social engineering attack may be used again, say experts.

Facebook representative Barry Schnitt said the worm isn't new; it dates back to August, although the variant that first appeared on Wednesday targets only Facebook users.

Craig Schmugar, threat researcher for McAfee Avert Labs, confirmed this in a call with CNET News and said that, in general, Koobface strikes only social-networking sites.

After receiving a message in their Facebook in-box announcing, "You look funny in this new video" or something similar, recipients are then invited to click on a provided link. Once on the video site, a message says an update of Flash is needed before the video can be displayed. The viewer is prompted to open a file called flash_player.exe.

Schmugar said the prompt for a new player should be a warning. "The messages you tend to get from these sites don't look quite right." For instance, IE will tell you where the update is coming from, and usually it's not an Adobe site. Read more..