Koobface makes (another) comeback

According to Harley, who is a director of malware intelligence with ESET, Koobface's latest modus operandi is to infect a user only the first time the victim accesses the site.

Subsequent attempts generate what looks like a 404 error (page not found) and, says Harley, attackers do this to hamper the work of security researchers, so that it becomes more difficult to analyse subsequent differing versions of the malicious code.
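The serve-once behaviour described above leaves a recognisable trace in web proxy logs. The following is an added example, not code from the article or from ESET: it flags URLs that answered 200 to a client's first request, 404 to that client afterwards, and 200 again to a later first-time client. The log format, hostnames and addresses are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample proxy log (not real traffic): timestamp,client,url,status
SAMPLE_LOG = """\
2010-01-01T08:00:00,10.0.0.9,http://news.example/old-story,200
2010-01-01T09:00:00,10.0.0.5,http://news.example/old-story,200
2010-01-01T10:00:01,10.0.0.5,http://video.example/hidden-camera,200
2010-01-01T10:05:00,10.0.0.5,http://video.example/hidden-camera,404
2010-01-01T10:06:00,10.0.0.5,http://video.example/hidden-camera,404
2010-01-01T11:00:00,10.0.0.9,http://video.example/hidden-camera,200
2010-01-01T11:02:00,10.0.0.9,http://video.example/hidden-camera,404
2010-01-01T12:00:00,10.0.0.5,http://news.example/old-story,404
2010-01-01T12:30:00,10.0.0.9,http://news.example/old-story,404
2010-01-01T13:00:00,10.0.0.5,http://intranet.example/home,200
2010-01-01T13:05:00,10.0.0.5,http://intranet.example/home,200
"""

def parse(log_text):
    """Return (timestamp, client, url, status) tuples in time order."""
    rows = (r for r in csv.reader(io.StringIO(log_text)) if r)
    return sorted((ts, client, url, int(status)) for ts, client, url, status in rows)

def serve_once_urls(records):
    """Map each suspicious URL to the clients that saw 200 once, then only 404."""
    history = defaultdict(lambda: defaultdict(list))  # url -> client -> [(ts, status)]
    for ts, client, url, status in records:
        history[url][client].append((ts, status))
    flagged = {}
    for url, clients in history.items():
        # Clients whose first request succeeded and every later one was a 404.
        once = {c: h for c, h in clients.items()
                if len(h) > 1 and h[0][1] == 200 and all(s == 404 for _, s in h[1:])}
        # A page that was really removed never returns 200 again. Serve-once
        # hosting still answers 200 to a new client after 404ing an earlier one.
        revived = any(a != b and once[a][1][0] < once[b][0][0]
                      for a in once for b in once)
        if revived:
            flagged[url] = sorted(once)
    return flagged

if __name__ == "__main__":
    for url, clients in serve_once_urls(parse(SAMPLE_LOG)).items():
        print(url, clients)
```

The removed news page in the sample is not flagged, because no client receives a 200 from it after another client has already been given a 404.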

Koobface, which was first detected in late 2008, propagates by delivering Facebook messages to people who are 'friends' of a Facebook user whose computer has already been infected.

Upon receipt, the message directs the recipients to a third-party website, where they are prompted to download what purports to be an update of the Adobe Flash player, but is actually the malware.

Harley reports that, in this latest campaign, the Koobface worm spreads across social networks by way of messages claiming to be about hidden cameras showing erotic encounters via an internet connection.

"A message is sent from the infected machine to each of the owner's contacts and the link redirects to websites called 'video posted by – hidden camera.' A pop-up at this site tells the user that he needs to download what is supposed to be a video codec, in order to look at the video", said Harley in a security blog posting.

"As you can guess, the offered file isn't any sort of Flash codec, but the Koobface executable. If the user downloads and runs it, his system will become infected", he added.

Harley reports that ESET's research labs in Latin America have found and analysed over 100 IP addresses where users whose systems are already affected are responsible for the spread of this malware.

It is, he says, "very important" to prevent infection, not only because of the risk to your own system but because of the risk to others.

"Don't trust any messages of this type that turn up in social network messaging services like Facebook. Be on the look-out for deceptive social engineering and keep your antivirus software properly updated", he said.
