The Trojan sends messages to friends of infected users, prompting them to click on a malicious link. Once infected, users are redirected to contaminated sites when they try to use search engines, putting them at risk of identity theft, among other things.
ScanSafe reckons its systems have picked up the malicious application on Bebo and expects it to target other popular social networking sites such as Friendster, MySpace and BlackPlanet in the near future.
"Those who click on the link will be greeted with a message that they need to update their Flash player to view the 'video'. There is no video nor is there an update – it is all just a ruse to get users to infect their own system by installing the Trojan," explained Mary Landesman, senior security researcher at ScanSafe.
The company estimates that Koobface accounts for one per cent of its blocked malware, highlighting the rapid growth of infection.
"The same advice over the past half dozen years still remains true: don't click on links in emails received unexpectedly, even if that email appears to be from someone you know," added Landesman.
"Those who avoid promiscuous 'friending' on social networking sites will be least likely to encounter a Koobface-type threat."