Criminals are exploiting a Twitter hashtag linked to the Malaysian Airlines crash in Ukraine to distribute a variant of the Zeus trojan, according to security firm Trend Micro.
Messages posted in Indonesian with the hashtag #MH17 link unsuspecting users to legitimate blogs and malicious domains, with spammers and hackers looking to boost traffic and infect machines.
Trend Micro said: "In the past we've seen several scams and threats that leveraged news of typhoon Haiyan, the Boston marathon, and 2011 tsunami/earthquake in Japan among others.
"We expect that as soon as more details of the MH17 crash unfolds, cybercriminals will launch other attacks that may possibly lead to personal information theft and system infection."
Two American IP addresses linked to multiple domains are being used in the attacks, which hope to capitalise on commonly searched terms on the social network and buzz around particular topics.
Shortened URLS are used to disguise the destination of the links, being common on Twitter due to the 140 character limit.
News of the crash broke on the social network when the airline announced that it had lost contact with one of its flights, in a message that was retweeted more than 74,000 times.
It read: "Malaysia Airlines has lost contact of MH17 from Amsterdam. The last known position was over Ukrainian airspace. More details to follow."
As the episode unfolded the airline continued to release updates on its Twitter feed, further stoking activity on the social network.