The Syrian Electronic Army (SEA) operates with at least the tacit support of the government. In recent weeks it has targeted the Facebook and YouTube accounts of Syrian activists to obtain their login credentials and infect their computers with malware.
In February 2012, CNNtech reported the deployment of computer viruses such as Backdoor.Breut against Syrian opposition activists.
Three waves of attacks were reported by EFF.org in March 2012. At first, a PDF document was delivered via a Skype message from a known friend. It installed a remote administration tool called DarkComet RAT, which can capture webcam activity, disable the notification setting for certain antivirus programs, record keystrokes, steal passwords, and more.
In April 2012, the Facebook security application FacebookWebBrowser.exe was promoted to Syrian activists in Facebook comments. FacebookWebBrowser.exe is a malicious application that logs keystrokes and steals login credentials for email accounts, YouTube, Facebook, Skype, and others.
For the past few days, a Skype Encryption Tool has been promoted to Syrian activists. The application does not encrypt anything. Instead of encrypting Skype traffic, it downloads malware.
In many cases, compromised accounts were used for malware distribution, and people may think the message is coming from a friend.