Google discussion groups are being hit by messages linking to rogue anti-virus software, security firm Webroot has warned.
The attacks have gained momentum in the past few months and typically use free Gmail accounts to post brief messages in both open and closed Google Groups.
The messages claim to link to "fun videos" but instead link to code that redirects browsers to Chinese sites hosting rogue anti-virus software.
The links, which originate from a number of link-shortening services, and the Chinese host sites are viable for only a day or two, said Andrew Brandt, malware researcher at Webroot.
Anyone clicking on the link will automatically download the rogue anti-virus software, which Webroot has identified at Antivirus 2009, he said in a blog post.
The well-known rogue software lists several fake threats in an attempt to scare people into paying for a full version of the program to fix the problems.
Customers of Antivirus 2009 and its variants lose the money the paid for the application, which may or may not cause further disruption, depending on the variant.
Security firm Symantec has identified more than 250 types of fake security software and predicts that rogue anti-virus or "scareware" incidents will increase in 2010.
Researchers said 24% of the top 50 most common kinds of scareware were created in 2009.
Some 93% of bogus security software is downloaded intentionally by victims who believe they are buying added protection against security threats, Symantec said.