Facebook users hit by 'Candid Camera' prank attack

A video lasting approximately three minutes is apparently being posted to Facebook users' walls under the title "Candid Camera Prank [HQ]", with a thumbnail of a lady on a bicycle wearing a short skirt.

Clicking on the thumbnail takes users to what appears to be a rogue Facebook application.

According to Patrik Runald, an IT security researcher with Websense, the application installs the infamous Hotbar applet, which intercepts users' web search requests and serves them sponsored pages.

The Hotbar applet was originally developed by a company called Zango and is currently operated by Pinball Corporation, Infosecurity notes.

Reporting on the Candid Camera prank over the weekend, Sophos' senior technology consultant Graham Cluley said that the Facebook application – which has apparently been disabled by the social networking site – advises users that their video player is out of date and asks them to download an update.

"Judging by the number of messages posted on Facebook, thousands of people received this attack. If you were one of them, you should scan your computer with an up-to-date anti-virus, change your passwords, review your Facebook application settings, and learn not to be so quick as to fall for a simple social engineering trick like this in future", he said in his security blog.
