Facebook Password Request
Written by AdminWeb   
Tuesday, 03 November 2009 13:30

With regard to: http://www.vernology-south.com/blog/40-blog/102-latest-security-reports-from-microsoft-a-mcafee

We've been on the receiving end of just these types of phishing tactics. Email Example:
______________________________________

Subject: Facebook Password Reset Confirmation
Body: "Hey (yourname)
Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in the attached document.
Thanks,
The Facebook Team"
Attachment: Facebook_Password_(misc number here).zip
_____________________________________

_____________________________________

Subject: new Facebook account agreement
Body: Dear Facebook user,
Due to Facebook policy changes, all Facebook users must submit a new, updated account agreement, regardless of their original account start date.
Accounts that do not submit the updated account agreement by the deadline will have restricted.
Please unzip the attached file and run "agreement.exe" by double-clicking it.
Thanks,
The Facebook Team
Confirmation Code #: 84584635618090
Attachment: agreement.zip

_____________________________________

It's important to note that most membership websites will NEVER send you attachments, and never a document containing some illusive password or an .exe (executable). This is an infected email and should be deleted if received. Just as a side note, we found it particularly comical that such an email starts with "Hey"; that's not going to happen, especially from Facebook.

Rule: Unexpected or Unknown attachment = deletion should it get through the virus protection system.
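
One way to apply this rule automatically during mail triage, as an added example that is not part of the original post: it parses a message and reports attachments that are executables or ZIP files containing one. The extension list, the function names and the sample message (modelled on the second email above, with harmless filler bytes) are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed, non-exhaustive list of extensions that run directly on Windows.
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")


def flag_attachments(raw_message: bytes) -> list[str]:
    """Return one finding per attachment that is, or contains, an executable."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        if name.endswith(EXECUTABLE_EXTS):
            findings.append(f"executable attachment: {name}")
        elif name.endswith(".zip") or payload[:4] == b"PK\x03\x04":
            try:
                with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                    members = zf.namelist()  # reads the directory only, extracts nothing
            except zipfile.BadZipFile:
                findings.append(f"unreadable zip: {name}")
                continue
            for member in members:
                if member.lower().endswith(EXECUTABLE_EXTS):
                    findings.append(f"executable inside {name}: {member}")
    return findings


def build_sample() -> bytes:
    """Constructed sample message; the 'exe' is plain filler text, not a program."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("agreement.exe", b"filler bytes, not a real program")
    msg = EmailMessage()
    msg["Subject"] = "new Facebook account agreement"
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg.set_content('Please unzip the attached file and run "agreement.exe".')
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="agreement.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in flag_attachments(build_sample()):
        print(finding)
```

The ZIP is only listed, never extracted, so the check can run on untrusted mail without writing the contents to disk.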

http://securitylabs.websense.com/content/Alerts/3496.aspx