Malicious software dating back from August this year has been altered recently and has begun attacking Facebook users since Wednesday.

The Koobface virus targets only social networking websites and one variant of the worm affected MySpace users earlier this year, but the bug was fixed by updating security features for the site.

Now, Koobface has moved on to Facebook and it is rapidly travelling through the website via messages that seem to have been sent from users’ friends.

The worm’s M.O. works like this: first, the user receives a message in his or her inbox, with a subject such as “You look funny in this new video” or something of the like, and is afterwards asked to click on a link to a video website. Once on the site, the user is required to open a file called flash_player.exe, announcing that an update for Flash Player is necessary in order to play the video.

If one chooses to install the update, Koobface downloads a program called tinyproxy.exe, which loads a proxy server named Security Accounts Manager (SamSs) when the computer boots up the following time.

Then the worm proxies all outgoing HTTP traffic, which can render Facebook users’ queries on Google, Yahoo or MSN to be hijacked to lesser-known search engines.

Facebook representative Barry Schnitt has informed that a small percentage of Facebook users had been affected by the virus and that they were updating security tools by resetting passwords on infected accounts and deleting spam messages.

Moreover, Facebook has also posted on their Security page instructions on how to remove Koobface from affected computers.