Facebook and college basketball in cyber-crime spotlight

Facebook users are being urged to trash emails telling them that their passwords have been reset

Experts have issued warnings over a pair of recent web attacks that put social networkers and basketball fans in the firing line.

McAfee said in separate reports that Facebook has become the lure in a new " password reset" scam and that malware writers have begun to tailor their attack sites to the NCAA college basketball tournament known as March Madness.

McAfee Labs research manager Dave Marcus said that the company had spotted emails claiming to be from Facebook's customer support team. The messages tell the user that their password has been reset and the new password was in an attached document.

On opening the attachment, users are subjected to a number of different malware infections ranging from botnet controls and data harvesters to fake antivirus applications.

"From the looks of the spams themselves they may be associated with the Cutwail or Rustock botnets, but that analysis is still ongoing," Marcus wrote in a blog posting.

Meanwhile, malware writers using web-based attacks have begun to target the popular US March Madness university basketball tournament. McAfee researcher James Duldulao reported that many of the popular search terms relating to the tournament were linking to sites that contained malicious code.

Duldulao said that an embedded Flash object within the otherwise legitimate pages was contacting another server and attempting to exploit browser vulnerabilities in order to install malware on the targeted system.

The use of search engine optimisation (SEO) to place attack sites high on search engine result pages has become a favourite tactic of malware distributors in recent years. Current events and holidays have become particularly popular lures.