Hackers step up game, spread malware using Bin Laden bait

03.05.2011

According to U.K.-based Sophos, the Facebook messages don't play video of the al-Qaeda leader's death, but actually dupe users into copying and pasting a line of JavaScript into their browser's address bar.

The Bin Laden Facebook con dupes users into spreading the scam. (Image: Commtouch.)

"Any time you paste a script into your browser's address bar, you're effectively running code written by the scammers without the safety net of protection," said Graham Cluley, a Sophos senior security technology consultant, in a post to his Tuesday. The JavaScript shares the bogus news of the video with all of a user's Facebook friends by posting it to their "walls."

The criminals make money, said security firm , by eventually shunting users to a marketing page that generates pay-per-click revenue.

Hackers and scammers are able to rapidly ramp up attacks whenever a major news story breaks because they're simply tweaking existing malware or schemes, said Hypponen. And some of their processes are even automated.