Emails prompting users to find out who sent that "secret crush" email have long been cursed by internet users, many of whom got the equivalent of a virtual STD in the process.
Using the same social engineering hook, malicious coders are now taking the Facebook Platform by storm.
Fortinet's Global Security Research Team discovered a malicious Facebook Widget that is actively spreading on the social networking website and installs Zango Spyware/Adware.
Unsurprisingly, the widget is called "secret crush", and Fortinet has a detailed step-by-step guide to how this social worm spreads.
The final step of the operation is when the widget prompts you to install a file, which is where the widget publisher gets its pennies.
Traffic to the Zango website is growing quickly, as shown by Alexa, a rise partly explained by the success of Secret Crush.
The site is currently ranked 549 in Alexa's top listing, a massive gain of 500 places since the beginning of December.
Fortinet says that more than 3 percent of the Facebook community, roughly 1 million users, have already installed the widget and it is propagating like wildfire.
The security company also expects 2008 to be even more dangerous as criminals look for novel ways to circumvent security measures put in place by social networking sites.