The popular social networking site Facebook, to which thousands of Bermuda residents belong, has been hit with an invasive virus. The virus, known as Koobface, has made its way through millions of Facebook users and is now making itself known in the Bermuda network.

Users receive an innocuous-looking e-mail from a "friend" in their network. While it might not be a friend the user speaks with frequently, the e-mail has all the trappings of a normal message, including the sender's profile photo. The message includes a link to a YouTube video with a message asking something akin to: "Is this really you?"

So like the saying curiosity will kill the cat, this message is too tempting to ignore. Users are led to click on the link to view the video, which they inevitably can't do because an error message pops up saying they need an updated version of Flash Player in order to see it. Once people download the updated version of the faux Flash Player, the virus is off and running amok in their computers.

Symantec, maker of Norton AntiVirus software, has identified the fake Flash Player update as a Trojan horse virus. A Trojan horse type of virus is malware (malicious software) that appears to perform a desirable function but, in fact, performs undisclosed malicious functions.

"We call it W32.Koobface," Thomas Parsons, security expert at Symantec based in the UK, told the Mid-Ocean News. "We have two distinct named variants, A and B. There are, of course, many minor variants.

"On August 24 we found another minor variant of W32.Koobface.B. The worm's calling card is a Facebook message that you receive. Because of the way Facebook works, you have to log into your Facebook account to view these messages. When the user logs in and then checks the link in the message, it brings them to a legitimate-looking page, which contains a classic 'missing video codec' social engineering trick. Most users will likely fall for the trick and install the so-called codec that is the actual worm itself. Once installed, the worm will send the same message to all of the user's contacts."

According to Mr. Parsons, the purpose of this particular virus is unclear.

"As far as we can tell it just spreads from one Facebook user to another. It does contain some form of backdoor capability, which enables it to download updates or other files. This is a possible avenue for infection or installation of other unwanted software. At the time of analysis we did not see it download anything new," he said.

While some experts believe that this virus is slow moving, here in Bermuda where the idea of six degrees of separation is laughable, a slow- moving worm is likely to turn into a Formula 500 race car.

"The impact of malware on social network sites like Facebook is higher for small places like Bermuda. Because everyone is linked, it magnifies the effect of a virus or computer worm in our small population," explained Stephen Davidson, chief marketing officer of QuoVadis Group, an Internet security company, located in Hamilton.

In order to protect yourself, Mr. Davidson strongly recommends having up-to-date anti-virus software and not to ignore the pop-ups advising users to update their software subscription.

"It's one thing to have the anti-virus software installed on your computer ¿ however, it's just as important to make sure that software is up to date," he said. "New viruses are created every day and anti-virus software vendors update their filters just as quickly. Using a filter that is six months old will leave your computer vulnerable to the new viruses out there.

"Another way to protect yourself is that if someone sends you a link in Facebook to a video ¿ go check it out yourself on YouTube first," he said.

But what if your computer has already been infected? Mr. Davidson recommends running a total system scan of your computer to find and rid your computer of the malware. People shouldn't be surprised if the scan takes an hour or more.

"After you've resolved an infection, it is important to change your passwords to Facebook and to your email accounts to be safe," Mr. Davidson explained. "Always be sceptical."

It is also important to make sure people obtain the most recognised anti-virus software because hackers are looking to dupe unsuspecting users into downloading fake protection.

"Users should be careful when looking for tools online to resolve an infection, because increasingly web sites or tools offering a solution may be used to insert new malware on your computer! You should only download tools from reputable anti-virus vendors such as Norton/Symantec, McAfee, Trend Micro and Kaspersky," he said.

Bottom line, experts warn never to implicitly trust everything that comes across your e-mail or on sites such as Facebook or MySpace.

Mr. Parsons agrees: "Users should be very wary of downloading missing codecs (the updated Flash Player, in this instance) for any videos. In most cases these days, missing codecs usually means an invitation to download and instal some new malware."