Faux Facebook Message Spreading Malware

Wednesday, April 13, 2011



Graham Cluley of NakedSecurity posted a new warning about an old trick that is still making the rounds and targeting Facebook users.

If the scam is still prevalent, it is a good indication that many Facebook users are still unaware of it and falling prey to the malware distribution operation.

For quite some time, Facebook users have been receiving emails that claim to be from the social network's technical support or administrative teams.

The messages state that the user's password was not secure and that it has been changed, then directs the user to access an email attachment which, as you may have surmised, contains malware - specifically the Mal/Zbot-AV.

The emails typically look like the following:

Fake Facebook support message. Dear user of FaceBook

The text of the email reads:

Dear user of FaceBook.

Your password is not safe!
To secure your account the password has been changed automatically.

Attached document contains a new password to your account and detailed information about new security measures.

Thank you for attention,
Administration of Facebook

As Cluley so aptly points out, there are multiple indications that the email is fraudulant, and these kinds of "red flags" are common to email attack campaigns.

"Your alarm bells should be ringing instantly when you receive this message for a number of reason [sic], not least that it can't decide if it's 'Facebook' or 'FaceBook', but also because why would Facebook ever email you an attachment? And why are they being so impersonal and not using your name?" Cluley writes.

Other indications of fraud to watch for are spelling and punctuation errors - note the use of a period instead of the customary comma after the salutation.

Also, the header of an email when examined may tip targets to the scam, such as the use of a senders name that is similar, but not exactly like the entity the scammers are impersonating.

But that is not true in every case, such as the example cited in this article, which actually uses "Facebook" spelled correctly in the header.

"So, just because an email claims to hail from password@facebook.com, support@facebook.com or message@facebook.com, realise that its headers could have been forged - and don't blindly follow its instructions unless you're absolutely certain it's legitimate," Cluley advises.

And be wary of another scam that is still active: Rogue applications that promise to let members see stats about how often their Facebook profiles have been viewed, and by whom. The scams are usually phishing expeditions aimed at collecting data from members not available on their profiles.

Take your time, be critically minded, and remember you are your own first line of defense.

Possibly Related Articles:
Viruses & Malware
Email Facebook scam malware Attack Social Media Headlines password
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.