FACEBOOK users, beware. Malicious software - or malware - is making its rounds on the popular social networking site.

And if you get hit by it, it will leave a message about penis enlargement on your friends' virtual walls.

Of the 69 million active users on Facebook, at least 100, including two in Singapore, have fallen prey to it.

One of them, Mr Marcus Chy, a 22-year-old student, was shocked to find that the embarrassing message had been sent from his Facebook account and left on the 'walls' of 120 friends in his network.

The message is about how someone took some pills that made their private parts 'larger than life', and how the writer was thinking of getting some as the makers 'guarantee 100 per cent that they will work or every cent you paid back to you'.

It also directs the reader to an external website.

Mr Chy, who does not know how he got the virus, said: 'It sounds conversational, as though I really wrote it. I'm horrified, because most of the people on my Facebook account are acquaintances, some of them are nice girls - pastors' daughters. And now they get this message from me!'

He found out about the posts when he logged in at 11pm on Thursday, and spent an hour frantically deleting them from his friends' walls.

But some of his friends had already written back to ask about his post.

Said Ms Carole Theriault, senior security consultant with IT security company Sophos: 'Most people tend to let their guard down when accessing and exchanging information online because they are simply unaware of the potential dangers associated with unsafe computing practices.'

Dr Seamus Phan, an IT consultant with more than 20 years' experience, explained that social networking sites like Facebook make use of an open architecture for plug-in software.

'So it's open to everyone and can be more easily exploited. It can be used for good, but bad guys can also exploit this openness,' he said.

TAKE CARE ONLINE

He also cautioned against revealing personal details online.

Dr Phan said: 'Some kids these days put every private detail of themselves online. Even if they have been using Facebook for frivolous fun, they should remember that nothing is harmless.

'We don't know what the plug-in does, so my advice is not to install any.

'You should always go in with a defensive mental state.'

Ms Theriault said Facebook users should allow their online profile to be viewed only by friends and they should be careful in allowing someone to become their friend.

Mr Chy said one good thing was that some of his long-lost friends had re-established contact after seeing the wall post. And he said: 'As a joke, I purposely left it there on some of my closer friends' walls for a good laugh.'

This article was first published in The New Paper on Apr 19, 2008.