"It's not really surprising," said Mikko Hypponen, the chief research officer of Helsinki-based F-Secure. "We were expecting to see related malware."

The shift to direct attacks follows Monday's campaigns to , dubbed "rogueware," to both Windows and Mac users.

Earlier today, F-Secure warned users to steer clear of spam that included the "Fotos_Osama_Bin_Laden.zip" archive attachment. The messages claim the file contains photos of Bin Laden after he was by U.S. special forces during a 40-minute firefight in his compound in the northern Pakistani city of Abbottabad.

Running the resulting Windows executable file doesn't display photographs, but instead launches a new banking Trojan horse belonging to the three-year-old "Banload" line, said Hypponen. The malware sniffs out online banking sessions and then tries to redirect payments to other accounts.

Other security companies have also snared malware packaged with Bin Laden spam.