Cyber-criminals are using messages on Facebook to lure would-be victims to click on a link, by promising something like an interesting video or sexy pictures.
The messages look real and are often sent from one of your Facebook friends.
But you have to download a special program, which really is spyware. It infects your computer and then it sends the same bogus message to all your Facebook friends.
"Just one person getting an infection on a social networking site actually opens the door to thousands, if not hundreds of thousands, or millions getting infected," said Jeff Debrosse, a computer security specialist.
"Koob-face" has been around for a while, but hackers are trying to lure gullable Facebook users to give up their personal information with new tricks, according to McAfee.
E-mails with a subject line of "Facebook Password Reset Confirmation! Customer Support" are sent saying that people's passwords on their Facebook accounts have been reset and that they should log in to a site to get their new credentials. But if the attachment is opened, it downloads several types of malicious software, including a program that steals passwords, McAfee said.
You can keep your computer secure by always using an up-to-date browser and by keeping your anti-virus software updated.