Malware spammed out as Facebook password change notification

If you received an email from “Facebook Service” telling you that your password had been changed because a spam message had been sent from your account, would you believe it?

Well, cybercriminals certainly hope you would as they’re spamming out malicious emails today attempting to trick unsuspecting users into opening an attached Trojan horse.

Malicious email message

The messages look similar to the following:


Facebook Service. Personal data has been changed! ID[random number]



Facebook Office. Your login details changed! ID[random number]


Facebook_details_ID[random number].zip

using different random numbers.

Message body:

Good afternoon

A Spam is sent from your FaceBook account.

Your password has been changed for safety.

Information regarding your account and a new password is attached to the letter.
Read this information thoroughly and change the password to complicated one.

Please do not reply to this email, it's automatic mail notification!

Thank you.
FaceBook Service.

Opening the attached file is obviously a very bad idea – as it will infect you with a Trojan horse that attempts to communicate with a website hosted in Russia.

Sophos products detect the Trojan horse as Troj/Agent-QAY, and the ZIP file which encloses it as Mal/BredoZp-B.

Hopefully most people wouldn’t fall for a scam like this, perhaps because they would notice the awkward use of language used in the email.

But with so many Facebook-addicts out there, I wonder how many people would panic at the thought of their password being changed and rashly click on the attachment without thinking.

Make sure that you keep your computer security up-to-date, and remain aware of the social engineering tricks used by cybercriminals to lure you into running their malware.