For those that haven't heard, there's a bug in Android dating as far back as 2.2. The very short of it is this. Android automatically processes videos and other files that are sent to you via MMS (those multimedia text messages) so you don't have to wait to view them. Someone found a way to inject code into that video in such a way that when Android processes the video, the code is executed, and bad things can be done to your phone. A full patch is the only real way this can be fixed, but in the mean time here is a band-aid.
Turn off auto-retrieve and this will stop the video from being pre-processed. It will still be executed if you manually view the file, so treat text message attachments like email attachments, with caution, especially if it's suspicious or you don't know the source. As far as I know virus engines aren't picking this up yet.
This works for the Samsung built in Messaging app. Similar settings are available in most apps in a similar location.
1) Make sure you're at the top level of your messaging app (not in a message) and click settings.
2) Look for "Multimedia Messages" or MMS
3) UNCHECK Auto Retrieve