According to Fortinet, miscreants have obtained access to a number of Facebook accounts - possibly through a phishing worm that was circulating earlier this year - and they are being used to post Wall messages linking to sites such as online pharmacies.

Fortinet officials observed that "although this has been rarely seen on Facebook so far, it is fairly common on MySpace."

They also referred to "a criminal fraud ring" that includes Canadian Pharmacy.

"While hijacked accounts have not been proved to be utilised for anything beyond posting relatively innocuous spam 2.0, it is not a stretch to think that links to drive-by-install malicious sites could be injected at some point," the officials said. "Following links contained in wall posts is therefore not recommended."

The technique mirrors the way email spammers previously used harvested address books to send messages apparently from people known to the recipients so they were more likely to open the emails and click on the links they contained or open any attachments.