The attackers are sending e-mails to Google Groups members asking them to update their e-mail settings by following linked instructions.
The links take users to a fake Google Groups page that infects visitors' PCs with a Trojan that downloads malicious software, including rogue anti-virus program 'Desktop Security 2010'.
The rogue software runs a fake PC scan, notifies the user that the PC has been infected and then prompts the user to buy software to remove the threat.
The malware is designed to trick users into handing over their credit card details and other personal information to purchase the bogus software.
The eSoft researchers said the use of community sites like Google Groups and Windows Live is becoming commonplace for cybercriminals looking to get the upper hand on web and spam filters.
Web filtering with real-time URL lookups is the most effective way to combat these threats, they said.
eSoft is flagging compromised Google Groups pages as they are discovered, and blocking other sites involved with this attack, the firm said.
This story was first published by Computer Weekly