Malicious Hackers Use Facebook Wall for Malware Attack
If people click on a third-party Web site link and a message pops up asking them to download software onto their machines, they should never go ahead with the download. If they feel they should upgrade their Flash player, they should do so only from Adobe's Web site, Cluley said.
The news is also relevant for IT departments of companies where employees are allowed to use Facebook at work, Sophos said. Given the wide popularity of social networking for personal and business communications, IT managers should draft policies regarding the proper use of these sites by employees, Sophos said. IT managers should also consider whether they need additional security products if they decide to allow these sites to be accessed from the office.
"The users inside your company may be more willing to click on a link in a Facebook Wall message than they would in a corporate e-mail," he said.
For example, many IT departments have installed products that scan e-mail traffic to intercept malware and spam, but with many Web sites now being used to host malware, it's a good idea to also install a security device that scans all office Web traffic and any software downloads that employees attempt to make.
So far, the Facebook Wall attack seems to target Windows PCs and laptops.
Facebook, which has about 80 million active users worldwide, didn't immediately reply to a request for comment.
The prompt to download an upgraded Flash player is apparently becoming popular with malicious hackers. This week, Adobe posted its own alert warning people not to fall for this trick. The bogus Flash message also appears to be part of other malware attacks that use microblogging site Twitter and other social sites.
Last week, security company Kaspersky Lab warned of new worms targeting MySpace and Facebook users via automatically generated comments and messages to those on their lists of friends.





