Panda Security says that the message includes the words "Check out Obama punch a guy in the face for calling him a n*****," and then take the user to a fake Facebook page where, according to Panda, " they are prompted to submit their Twitter log-in details. However, if the user enters their credentials, the malware will hijack their account in order to send the same malicious message to all of their contacts."

This is actually a replication of a fraud that has been circulating on Yahoo Messenger for some months, with an message from a known contact telling recipients that there are dodgy photos of them and to click what turns out to be a fake Yahoo page with a request to link that service to the existing account.

"This attack exploits the two most popular social networking sites, Facebook and Twitter, to trick users into believing they are viewing a trusted site," said Luis Corrons, technical director of PandaLabs. "It also relies on its victims' curiosity by using a scandalous story involving U.S. President Obama and racism. Cyber-criminals know people are curious by nature and take advantage of this to trick users and infect them with their creations."