PandaLabs says that it has identified the 56th variant of a family of worms that use Facebook to defraud users.
The Boface.BJ worm downloads and installs rogue anti-malware, attempting to trick users into believing they are infected and consequently buy a fake antivirus package.
According to data compiled through Panda's ActiveScan online scanner, 1 per cent of all computers scanned have been infected by a variant of Boface since August 2008.
1 per cent of people will still download anything
Luis Corrons, technical director of PandaLabs says, "Extrapolating this data with an estimate of the number of Facebook users, about 200 million, we approximate that two million users could be infected. The increasing number of variants in circulation is due to the aim of cyber-crooks to infect as many users as possible and therefore boost their financial returns.
The number of infections observed for this family of warms indicates an exponential growth rate as high as 1,200 per cent over the last eight months.
Almost 40 per cent of infections are found in the United States, with the rest distributed across many different countries.
Once the computer has been infected with new Boface.BJ.worm it takes four hours to kick into action, activating once infected users have entered their Facebook accounts.
It sends a message to the entire network of friends, including the infected user, directing them to fake YouTube site where users are prompted to download a media player - in fact, the fake antivirus product.
Sign up for Black Friday email alerts!
Get the hottest deals available in your inbox plus news, reviews, opinion, analysis and more from the TechRadar team.
Mark Harris is Senior Research Director at Gartner.