Hackers have begun cashing in on the Virginia Tech university tragedy by spamming out malware-infected emails purporting to offer cameraphone footage of the attack which resulted in more than 30 deaths.
Email messages carry a photograph of gunman Cho Seung Hui and claim to link to a Brazilian movie website carrying footage of the campus shootings.
But clicking on the link downloads a malicious screensaver file which installs a banking spyware Trojan.
The Trojan attempts to steal passwords, usernames and other information from online bank users, opening the possibility for identity theft and allowing bank accounts to be raided by cyber-criminals.
"It is pretty sick that cyber-criminals use tragic events like this in their attempts to make cash, but sadly it is not the first time and unlikely to be the last," said Graham Cluley, senior technology consultant for Sophos.
"It is of paramount importance that everyone treats unsolicited emails with suspicion, and thinks twice before they run a unsolicited program or click on a link.
"Regular antivirus updates, firewalls, security patches and a good serving of common sense is a must."
Past malware and spam campaigns have taken advantage of headline breaking news stories such as Hurricane Katrina, the Indian tsunami and the terror bombings in London.
Connexin drops out of Ofcom auction due to start next week
SwiftKey users now send two billion emoji every week
Recruitment plans are 'most ambitious ever', claims Openreach HR director Kevin Brady
Samsung's under-the-hood improvements separate the S9 from the pack when it comes to the display