This comes from snopes.com. A spam email message is circulating claiming Facebook is going to start charging a fee of $4.99 per month soon. The email has a link to a website which is claimed to be an online petition to prevent this. In fact, it is a page full of malware.

I would estimate that 75% of malware that I see comes from social networking sites, such as Facebook, Twitter, and Myspace. The malware may not be on the site itself, but these scammers use that site as a vehicle to deliver the malware. What happens is some cybercriminal creates a page on these sites and loads it full of viruses and malware. People are naive and assume that every page is safe and before you know it, you've clicked on a bad page. The ones that are trying to make as much money as they can as fast as they can work only on Windows, and aren't very sophisticated. The malware first tries many known security vulnerabilites, including ones found in non-Microsoft programs such as Adobe Acrobat and Flash. If a computer is fully patched, then it tries to fool the user into manually installing the malware. Fake antivirus programs fall into this category, but their power is limited because that would cost too much money to make. The really good ones work on both Windows and Mac and are difficult to remove.

One of the other major causes of malware infestations is from spam email, such as this scam. In one example, people use a weak or common password and the cybercriminal comes along and systematically tries to figure out your password. He (sometimes she) will try the most common passwords people use (i.e. 123456) and then, if that fails, read your page to learn what it might be. For example, your password may be related to your dog's name and on your page you will have the name of your dog on it. That makes it easy for the cybercriminal to have access to your page. What he will then do is change your page and load it with malware and viruses (but make sure it looks the same) and then send out an email to all your friends through the social networking site with a link which contains malware. Since it looks like it comes from you, people are more likely to trust it and thus click on the link.

The other major causes of malware are porn sites and hacked websites.