The first ever malware programme is spreading through Facebook as application developers look to find lucrative revenue streams from the social-networking site.

More than four per cent of the site's million-plus users have already been infected with the "secret crush" malware in less than four days. The spyware monitors internet activity in order to target advertising.

The development is inevitable with such a large user communmity, said security software specialist Fortinet's threat response manager, Guillaume Lovet.

"People are developing Facebook applications for profit rather than just for fun - social networking sites are becoming what the Internet already is in general: a dangerous place," he said.

Though not technically a worm, because it does not propogate itself automatically, the malware spreads by prompting users to forward the application to five of their friends.

Though the secret crush malware does not actually function as the software is purports to be, a legitimate application could monitor preferences and pass information to online marketers in a similar way because users tick a box allowing an application to "know who I am and access my information," when applications are installed.

"People have been lulled into not caring about sharing their personal information – this stuff is gold dust to those looking to target online advertising," said Lovet. "So far Facebook's approach has been to say that people use these applications at their own risk."

Last month Facebook founder Mark Zuckerberg altered the site's new advertising system – known as Beacon – after widespread consumer complaints because it told other users what a person had bought.