Experts have issued warnings over a pair of recent web attacks that put social networkers and basketball fans in the firing line.
McAfee said in separate reports that Facebook has become the lure in a new " password reset" scam and that malware writers have begun to tailor their attack sites to the NCAA college basketball tournament known as March Madness.
McAfee Labs research manager Dave Marcus said that the company had spotted emails claiming to be from Facebook's customer support team. The messages tell the user that their password has been reset and the new password was in an attached document.
On opening the attachment, users are subjected to a number of different malware infections ranging from botnet controls and data harvesters to fake antivirus applications.
"From the looks of the spams themselves they may be associated with the Cutwail or Rustock botnets, but that analysis is still ongoing," Marcus wrote in a blog posting.
Meanwhile, malware writers using web-based attacks have begun to target the popular US March Madness university basketball tournament. McAfee researcher James Duldulao reported that many of the popular search terms relating to the tournament were linking to sites that contained malicious code.
Duldulao said that an embedded Flash object within the otherwise legitimate pages was contacting another server and attempting to exploit browser vulnerabilities in order to install malware on the targeted system.
The use of search engine optimisation (SEO) to place attack sites high on search engine result pages has become a favourite tactic of malware distributors in recent years. Current events and holidays have become particularly popular lures.
Claims to have "the most competitive logic density" in the industry
Dell's high-end mobile workstations upgraded with Intel Coffee Lake CPUs
Webstresser admins were also arrested in the UK, Croatia, Canada and Serbia
Security firm claims that 117,638 sites out of 135,035 analysed contain serious security flaws