Security experts are warning users and administrators of a new crop of Facebook malware.

F-Secure said in a recent blog posting that the company has tracked down a number of pages on the social networking site which attempt to infect users by promising free videos.

The new attacks propagate by way of a malicious worm which hijacks Facebook information. The user is sent a message from an infected friend which promises a link to a YouTube video.

On clicking the link, the victim is directed to a third-party site which scans the user's operating system. Users running Windows are forwarded to the attack page while users running other operating systems are sent to the actual YouTube front page.

Once landing on the attack page, users are prompted to download what purports to be an updated version of Flash which is needed to view the file.

The would-be installer, however, simply delivers the malware payload in what is known as a 'fake codec' attack.

The malware package installs and launches a new copy of the worm which then scans the user's system for Facebook cookies and uses the information to send new attack messages to the victim's friend list.

"This propagation method is effective because the message is supposedly posted by a friend," said F-Secure.

"A person receiving such a message is far more likely to click the included link, greatly increasing the chances of infection."

Security on Facebook has become a growing concern of late. In addition to its use as a means for spreading malware, researchers have suggested that the site could also be used as a platform for denial-of-service attacks on third-party sites.