According to the security firm, hundreds of social networkers said the video, which claims to be the "sexiest video ever", looked as though it had been posted on their Facebook page by friends.
The message with the video read "this is without doubt the sexiest video ever! :P :P :P. Candid Camera Prank [HQ] Length: 3:17" and featured a thumbnail of a woman on an exercise bicycle wearing a short skirt.
However, those clicking on the video are warned that the video won't play unless the correct software is installed. Those that download the software instead install adware on their PC.
"You may want to watch a sexy video, but you're more likely to end up being plagued by pop-up advertising," warned Graham Cluley, senior technology consultant at Sophos.
"Not only is adware being installed on your computer, but the rogue Facebook application is posting the same message to all of your friends' accounts. It's no surprise that your friends might click to watch the movie when it looks to all intents and purposes that you are the person who has sent it to them."
Cluley urged web users not to click on the link, and said those who have been attacked should scan their computer with anti-virus software, change their passwords and remove the application from their Facebook profile.
"70 percent more Facebook users are reporting being attacked by malware via the site in the last year, and the problem only seems to be getting worse," added Cluley.
"Social networking users need to learn not to fall for simple but effective social engineering tricks like this in future."