New ‘Facebook’ Email Trojan Makes Its Rounds as Website Malware Infections Skyrocket
YNOT – Just when you stop thinking about security, another virus or security flaw makes the rounds and reminds you that security concerns should never stray too far from your thoughts. Yesterday it was reported that a new virus is making the rounds disguised as a “password reset” email from Facebook; and in other security news, anti-malware company Dasient reported that more than 640,000 websites are infected with malware.
The “Facebook” virus is actually a new variant of the Bredolab Trojan, a nasty piece of code that’s smart enough to go dormant when it detects that it’s being probed. The virus is delivered by an email titled “Facebook Password Reset Confirmation” that claims to come from “The Facebook Team.” It comes with an attachment, ‘Facebook_Password_4cf91.zip’, which extracts to become ‘Facebook_Password_4cf91.exe’, the file that supposedly holds your new Facebook password.
Click it, though, and you’ve just infected your PC.
“Bredolab is a Trojan horse that downloads and executes files from the internet, such as rogue anti-spyware,” wrote MX Lab on its blog. “To bypass firewalls, it injects its own code into legitimate processes svchost.exe and explorer.exe. Bredolab contains anti-sandbox code (the Trojan might quit itself when an external program investigates its actions).”
Meanwhile, websites are quickly becoming just as dangerous as email for spreading malicious software code. In less than a year since its launch, Dasient has recorded more than 72,000 unique malware infections on websites.
“The statistics illustrate the growing trend of attackers targeting browsers and Web applications with SQL injections, cross-site scripting and other attacks that can lead to drive-by downloads,” wrote CNET blogger Elinor Mills. “Infections can come from anywhere on a site, including widgets and ads.”
According to Mills, most Web infections involve iframes or JavaScript being injected into the target websites. Also troubling, she reports that as many as 40% of infected sites get reinfected after they are cleaned of malware.