Facebook friend added a new photo of you? Beware spammed-out malware attack

Filed Under: Facebook, Featured, Malware, Social networks, Spam

Computer users are being warned to be careful about opening unsolicited email attachments, after a malicious Trojan horse was spammed out posing as a Facebook notification that the recipient is featured in a newly uploaded photograph.

The emails, which pretend to come from Facebook, look like the following (click here for a larger version of the image).

Facebook malware email. Click for larger version

Subject: Your friend added a new photo with you to the album

Attached file: New_Photo_With_You_on_Facebook_PHOTOID[random].zip

Message body:

Greetings,

One of Your Friends added a new photo with you to the album.

You are receiving this email because you've been listed as a close friend.

[View photo with you in the attachment]

Photo tagging on FacebookOf course, the emails don't really come from Facebook.

But there are surely many people who could be duped into believing that they have been tagged by one of their friends in a photograph, and want to see if they look overweight, unattractive or simply fabulous (delete as applicable).

Unfortunately, the attached ZIP file contains malware, designed to allow hackers to gain control over your Windows computer.

Sophos products intercept the malware as Troj/Agent-XNN.

Last month, experts at SophosLabs saw another malware campaign posing as a Facebook photo tag notification. On that occasion, the emails did not contain attachments but instead linked to compromised websites which aimed to attack visiting computers with the Blackhole exploit kit.

If you're on Facebook and want to learn more about spam, malware, scams and other threats, you should join the Sophos Facebook page where we have a thriving community of over 190,000 people.

, , ,

You might like

One Response to Facebook friend added a new photo of you? Beware spammed-out malware attack

  1. Sarah · 692 days ago

    Thanks so much for this post.

    My grandma received this scam email a few days ago. (She is not on facebook, but thought someone she knew might have sent her a photo anyway.)

    The email looked the same as your image above, and came with a .zip attachment. I can't remember the whole file name (as I've just deleted it), but it began with "FacebookPhoto" followed by some numbers.

    Grandma asked me about her "facebook photo" email today... she saved the zip file to her Documents folder, but didn't open it (phew!)... I've now deleted the saved zip file as well as the scam email, and am running some anti-virus software checks.

    I think her computer should be safe since she didn't open the zip file - is this right?

    Thanks again for the helpful post,
    Sarah

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.