1. An infected account sends you a message with a video link.
2. The link takes you a video and then tells you to update your flash player (screen shot below).
3. You proceed with the download, which is actually a form of malware. You are now infected and you'll pass along the cyber-germs to other facebook users.
There's also another problem I've seen: rogue applications. These apps get you to sign in, giving access to your FB account info.
Here's an example: I kept getting messages from contacts stating my profile was in violation of FB's terms of service. I ignored these, but I assume this was come kind of rouge application designed to trick me to signing in.
I'd advise you to do the following:
1. Keep your AV software current.
2. Never download something if you are not sure what site it is coming from. If a website tells you to download the flash player, just leave it and check for software updates on a trusted website (like flash.com).
3. Never let your guard down. Messages you receive may not be from your friends. If it seems fishy (like a friend sending a weird video link or reporting you for violating TOS), ignore it or send your friend a message and ask if he/she actually sent the message (or app invitation).