Recently people have been getting infected by sites that appear to be, or claim to be, related to Facebook. Most of these infections come from phishing sites; that is, sites that look like Facebook but are actually a different site, which may contain viruses. In addition, if you log into a phishing site, its operators may get your username and password, and will be able to get onto your real account to make some 'bad' changes.
So how do you tell which is the real thing? Take a look at the screenshot below:
In the address bar (highlighted) you see the address of the Facebook main page. The real page should be EXACTLY that (i.e. facebook.com). NOT facebook.somethingorother.com, just facebook.com.
Of course, if the Facebook page looks different from the one below, there is probably something wrong as well.
Every time you log onto Facebook you should make sure that the above points check out. A virus can redirect you to another page (i.e. browser hijacking) even if you type "facebook.com" into your browser, so it's important to make sure.
Once you log into Facebook, you should see the screen below:
Note that the address will have changed to "facebook.com/home.php".
If you see something different (such as the old layout), you should double-check the address in the address bar. Again, if it says something else, you may be in trouble.
And on a side note, if at all possible you should never click on links in an email that do not show the actual web address (such as "Click here!"), even if it's from a friend. Their email may have been compromised, and may have sent you a link to a phishing site. You should always type in "facebook.com" directly.
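
The address check described above can also be done in code, for example before following a link from an email. This is an added example, not part of the original post; the function name, the sample addresses and the choice to also accept "www.facebook.com" are assumptions made for illustration.

```javascript
// Added example: decide whether a web address really belongs to facebook.com.
// Assumption: "www.facebook.com" is treated as the same site. Every other
// host, including other subdomains, is rejected, following the article's rule.
const ALLOWED_HOSTS = new Set(["facebook.com", "www.facebook.com"]);

function checkFacebookUrl(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl); // throws on anything that is not an absolute URL
  } catch (err) {
    return { ok: false, host: null, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { ok: false, host: null, reason: "not a web address" };
  }
  // The parser lowercases the host and keeps it separate from the port and
  // path, so only the part that decides which site you reach is compared.
  const host = url.hostname.replace(/\.$/, ""); // ignore a trailing dot
  if (!ALLOWED_HOSTS.has(host)) {
    return { ok: false, host, reason: "host is not facebook.com" };
  }
  return { ok: true, host, reason: "host is facebook.com" };
}

// Constructed sample addresses (not taken from any real incident).
const SAMPLE_URLS = [
  "http://facebook.com/home.php",
  "HTTP://WWW.FACEBOOK.COM/",
  "http://facebook.somethingorother.com/home.php",
  "http://somethingorother.example/facebook.com/home.php",
];

for (const sample of SAMPLE_URLS) {
  const result = checkFacebookUrl(sample);
  console.log(`${result.ok ? "OK    " : "REJECT"} ${sample} (${result.reason})`);
}
```

The comparison is an exact match on the host, so a name that merely starts with or contains "facebook.com" is rejected.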