Fake Facebook e-mail “Subject: updated account agreement”

It has been a busy week so far for the writers of e-mail exploits and this Friday morning they continue to try to trick the public into installing their malware. The latest threat to fall into the Sophos spam traps purports to come from Facebook and requests the user to update their account agreement by unzipping and executing an attached file called agreement.exe.

Dear Facebook user,

Due to Facebook policy changes, all Facebook users must submit a new, updated account agreement, regardless of their original account start date.
Accounts that do not submit the updated account agreement by the deadline will have restricted.

Please unzip the attached file and run “agreement.exe” by double-clicking it.

The Facebook Team

Of course we all know that it is pure folly to unzip and run an unknown executable attached to an e-mail, however the implied threat of finding their access to Facebook restricted by ‘the deadline’, whenever that may be, is obviously severe enough to panic a number of the users of Facebook into falling for this trick.  

They really should think twice, by agreeing to install agreement.exe they will install a Trojan.

Sophos detects this threat as Troj/Dloadr-CWS.