'Koobface' spreads by sending a message to people's inboxes, pretending to be from a Facebook friend.
It says "you look funny in this new video" or "you look just awesome in this new video".
People who click on the link provided are then asked to watch a "secret video by Tom".
When they try to play the video, they're asked to download the latest version of Adobe Flash Player.
If they do, that's when the virus takes hold and attacks the computer.
Guy Bunker works for Symantec, who make Norton AntiVirus, and says there are two ways Koobface gets people's credit card details.
"It can either wait for you to buy something online and just remember the details you type in on your keyboard.
"Otherwise it can search your computer for any cookies you might have from when you've bought something in the past, and take them from there."
The Facebook case is the latest example of hackers using social networking sites to try to cash in.
MySpace was targeted by Koobface in August.
Security experts say people are far less suspicious about viruses on sites like Facebook because you need to be a member to log in.
Facebook won't give any specifics on how many users have been hit by the virus, only saying it's a small percentage.
But they have posted some advice on the site about what to do if you come across it.
"We're currently helping our users with the recently discovered 'Koobface' worm and phishing sites.
"If your account has recently been used to send spam, please visit one of the online antivirus scanners from the Helpful Links list, and reset your password."
-syaifful nizam ismail