Facebook friend added a new photo of you? Beware spammed-out malware attack

by Graham Cluley on August 28, 2012 | 1 Comment

Filed Under: Facebook, Featured, Malware, Social networks, Spam

Computer users are being warned to be careful about opening unsolicited email attachments, after a malicious Trojan horse was spammed out posing as a Facebook notification that the recipient is featured in a newly uploaded photograph.

The emails, which pretend to come from Facebook, look like the following (click here for a larger version of the image).

Facebook malware email. Click for larger version

Subject: Your friend added a new photo with you to the album

Attached file: New_Photo_With_You_on_Facebook_PHOTOID[random].zip

Message body:

Greetings,

One of Your Friends added a new photo with you to the album.

You are receiving this email because you've been listed as a close friend.

[View photo with you in the attachment]

Photo tagging on FacebookOf course, the emails don't really come from Facebook.

But there are surely many people who could be duped into believing that they have been tagged by one of their friends in a photograph, and want to see if they look overweight, unattractive or simply fabulous (delete as applicable).

Unfortunately, the attached ZIP file contains malware, designed to allow hackers to gain control over your Windows computer.

Sophos products intercept the malware as Troj/Agent-XNN.

Last month, experts at SophosLabs saw another malware campaign posing as a Facebook photo tag notification. On that occasion, the emails did not contain attachments but instead linked to compromised websites which aimed to attack visiting computers with the Blackhole exploit kit.

If you're on Facebook and want to learn more about spam, malware, scams and other threats, you should join the Sophos Facebook page where we have a thriving community of over 190,000 people.

Tags: , , ,

One Response to Facebook friend added a new photo of you? Beware spammed-out malware attack

  1. Sarah says:
    October 4, 2012 at 7:42 am

    Thanks so much for this post.

    My grandma received this scam email a few days ago. (She is not on facebook, but thought someone she knew might have sent her a photo anyway.)

    The email looked the same as your image above, and came with a .zip attachment. I can't remember the whole file name (as I've just deleted it), but it began with "FacebookPhoto" followed by some numbers.

    Grandma asked me about her "facebook photo" email today... she saved the zip file to her Documents folder, but didn't open it (phew!)... I've now deleted the saved zip file as well as the scam email, and am running some anti-virus software checks.

    I think her computer should be safe since she didn't open the zip file - is this right?

    Thanks again for the helpful post,
    Sarah

    Reply Report comment

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <pre> <q cite=""> <strike> <strong>

About the author

Graham Cluley has worked in the computer security industry for more than 20 years, developing anti-virus software and doing quite a lot of talking about internet threats. He's won awards for his blogging, but is proudest of the text adventure games he wrote when he was still wearing short trousers. You can learn more about those (the games, not the trousers) at grahamcluley.com. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.