Koobface social networking worm gets a facelift

Originally launched on MySpace, the social networking worm's variants have targeted Bebo, Facebook, Friendster, hi5, Tagged, and Twitter.

The social networking worm spreads by using stolen accounts to post spam messages which purport to contain links to 'interesting' online videos.

Visiting the link takes users to a web page displaying a fake embedded video, which is actually just an image.

Attempting to view the video will prompt the download of the worm's installer, masquerading as a flash player update or a similar video codec.

The new variant of the Koobface social networking worm, said Stefan Tanase, a senior security researcher with Kaspersky Lab, significantly enhances the social appeal of the links, as well as changing the landing page.

"There's a new twist to the social engineering, with links from infected messages leading to a very well designed Facebook lookalike page," he said.

The fake Facebook video page displays an alert, noting that an upgrade for the flash player add-in is required to view the video.

The 'upgrade' is actually the worm Net-Worm.Win32.Koobface.d.

According to Kaspersky Lab, another significant change in this Koobface social networking worm variant is the use of URL randomisation - the URL address of the destination page has random tokens appended to it, which are then used to generate unique bit.ly addresses.

Kaspersky Lab says it has identified almost 100 unique IP addresses hosting Koobface, although a URL used as a landing page for Koobface has been brought down, apparently following the IT security vendor's intervention.
