Facebook is a growing attack vector for smartphone malware, says Sophos.

Senior technology consultant at the security firm, Graham Cluley, said he agrees with a BitDefender study that shows the same thing. Cluley also said Android phones are often the easiest targets.

"The iPhone operates in a more controlled environment and the BlackBerry security model is fairly strong. Because Android operates in a more open environment, it's more open to infections," Cluley said.

Given the growing popularity of Android phones among businesses, Cluley said this is something IT security organisations must be more aware of.

The malware being sent to the phones via Facebook messages is garden-variety spam that relies heavily on social engineering tactics. A Sophos threat report due out next week will dive more into the social networking threat.

"Spam is certainly here to stay, but the motivations and methods are continuing to change in order to reap the greatest rewards for the spammers," Cluley said.

Earlier, BitDefender came out with a report warning that Facebook has become the biggest mobile malware threat. Spam on social networks is infecting mobile devices via bad links on Facebook because the worms and other malware are often platform-independent and are widely spread as malware that targets PCs, the report said.

BitDefender pointed to Google statistics revealing that almost a quarter of Facebook users fell for a recent scam on the social network from their mobile device. The URL that was studied was one that claimed to show users a girl's Facebook status which got her expelled from school. It generated 28,672 clicks - 24 percent of which originated from mobile platforms. Users who clicked on the link - whether on their PC or mobile device - downloaded a Facebook worm and fell victim to an adword-based money-grabbing scheme.

"When data security researchers focus on finding malware specifically designed for mobile platforms, they lose sight of an important mobile platform threat source - the social network," said George Petre, BitDefender Threat Intelligence Team Leader.
