If you spot a Facebook post or a message that advertises an application that will let you "unlock" a "love" (<3) button if you run it - don't do it. If you do, you will be actually running a malicious Java applet that downloads a password-stealing Trojan.

You don't even have to press a button to install the application - a simple visit to the application's page (which is displayed in Croatian) will trigger a pop-up that will ask you to run the application which - unexplainably - masquerades as a “Sun Microsystems Java Security Update 6":

If this warning fails to arouse your suspicion and you run the application, the Java applet will download an .exe file from a URL passed as a parameter on the website.

More: http://www.net-security.org/malware_news.php?id=1527