Malware spammed out as Facebook password change notification


If you received an email from "Facebook Service" telling you that your password had been changed because a spam message had been sent from your account, would you believe it?

Well, cybercriminals certainly hope you would as they're spamming out malicious emails today attempting to trick unsuspecting users into opening an attached Trojan horse.

Malicious email message

The messages look similar to the following:


Subject: Facebook Service. Personal data has been changed! ID[random number]

Subject: Facebook Office. Your login details changed! ID[random number]

Attached file: Facebook_details_ID[random number].zip

using different random numbers.

Message body:

Good afternoon

A Spam is sent from your FaceBook account.

Your password has been changed for safety.

Information regarding your account and a new password is attached to the letter.
Read this information thoroughly and change the password to complicated one.

Please do not reply to this email, it's automatic mail notification!

Thank you.
FaceBook Service.

Opening the attached file is obviously a very bad idea - as it will infect you with a Trojan horse that attempts to communicate with a website hosted in Russia.

Sophos products detect the Trojan horse as Troj/Agent-QAY, and the ZIP file which encloses it as Mal/BredoZp-B.

Hopefully most people wouldn't fall for a scam like this, perhaps because they would notice the awkward language used in the email.

But with so many Facebook-addicts out there, I wonder how many people would panic at the thought of their password being changed and rashly click on the attachment without thinking.

Make sure that you keep your computer security up-to-date, and remain aware of the social engineering tricks used by cybercriminals to lure you into running their malware.
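
As an added example (not part of the original post, and not Sophos code), the subject lines and attachment name quoted above can be turned into a simple mail-triage check. It assumes "[random number]" is a run of decimal digits; the function names, the sample addresses and the broader sender-name heuristic are this example's own.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Patterns from the subject lines and attachment name quoted in the article.
# Assumption: "[random number]" is a run of decimal digits.
SUBJECT_RE = re.compile(
    r"Facebook (Service|Office)\. "
    r"(Personal data has been changed|Your login details changed)! ID\d+", re.I)
ATTACH_RE = re.compile(r"^Facebook_details_ID\d+\.zip$", re.I)


def triage(raw_message):
    """Return the indicators found in one raw RFC 5322 message (empty = clean)."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    if SUBJECT_RE.search(str(msg.get("Subject", ""))):
        hits.append("subject")
    display_name, _ = parseaddr(str(msg.get("From", "")))
    claims_facebook = "facebook" in display_name.lower()
    for part in msg.walk():
        name = (part.get_filename() or "").strip()
        if ATTACH_RE.match(name):
            hits.append("attachment:" + name)
        elif claims_facebook and name.lower().endswith(".zip"):
            # Broader heuristic (added here): any ZIP from a "Facebook" sender name.
            hits.append("zip-from-facebook-name:" + name)
    return hits


def build_sample(sender, subject, filename):
    """Constructed test message; addresses and attachment bytes are placeholders."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.invalid", subject
    m.set_content("Your password has been changed for safety.")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="zip", filename=filename)
    return m.as_string()


if __name__ == "__main__":
    fake = "Facebook Service <sender@example.invalid>"
    for subj, fname in [
        ("Facebook Service. Personal data has been changed! ID48213",
         "Facebook_details_ID48213.zip"),
        ("Your weekly digest", "new_password.zip"),
    ]:
        print(triage(build_sample(fake, subj, fname)))
```

A match on the subject or attachment pattern is a reason to quarantine the message for review; it does not replace scanning the attachment itself.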


7 Responses to Malware spammed out as Facebook password change notification

  1. Spainbitch · 1716 days ago

    I just don't understand why the spammers don't make a little more effort and put out an email that is correctly spelled and has some formatting etc... it would surely skyrocket their strike rate? Not that I am suggesting that would be a good thing, I hasten to add, far from it! I just don't get why all of these scam emails, wherever they're from, look like they're drafted by an autistic 9 yr old...

    • Jeremy · 1714 days ago

      It's because the keyword filtering would make it reach the spam box. I never get correctly spelt spam but occasionally I get spam that is not written properly.

  2. Jennifer · 1716 days ago

    Someone sent me an e-mail from "Msn Customer Care" telling me I had to reply with my last name, password, alternate e-mail, and address or my account would be closed. What a crock! Even MSN doesn't do that. Some people would reply in panic.

  3. scrwylouie · 1716 days ago

    It's a good thing the imbeciles are incapable of writing English correctly, that should be your first warning not to do as they tell you.

  4. Always something to try sucking people in -- why? Because it works (unfortunately).
    Someone I know got an email from what looked like their ISP.
    The email of course had requested the user send them their login details, password, etc to "prove" it was their account otherwise it would be closed.
    Scare tactics work .. (even if spelling, grammar, etc is bad).
    People need to be reminded at times that most reputable sites do not send emails asking for login credentials and they do not send attachments to run in order to obtain new passwords.
    They don't send patches through email either..

  5. spookie · 1715 days ago

    And your objection to her alias is...?

    Grow up.

  6. spookie · 1715 days ago

    No. If one works for Facebook, one can spell and construct a sentence. I would not fall for this.


About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley