Sophos Cloud Optix
Cybercriminals are adopting a new disguise, following last week’s “Facebook password changed” malware attack.
Computer users are discovering malicious code has been sent to their email inboxes, pretending to be a notification from Facebook that their social networking account has been used to send out spam.
A typical message reads:
Dear client
Spam is sent from your FaceBook account.
Your password has been changed for safety.
Information regarding your account and a new password is attached to the letter.
Read this information thoroughly and change the password to complicated one.Please do not reply to this email, it's automatic mail notification!
Thank you.
FaceBook Service.
The attack would, perhaps, be a little more successful at fooling more people if it had gone through a grammar check and if the perpetrators had paid more attention to the fact that it’s spelt “Facebook” not “FaceBook”.
Nevertheless, there are doubtless some computer users who might be tempted to open the attached ZIP file and infect their computers with malware.
We’ve seen similar attacks before, of course – and I imagine that cybercriminals will continue to use ruses like this when spreading their malware. Plenty of people are hooked on Facebook, and a message telling them that their password has been reset is likely to send them into palpitations and they may open the unsolicited attachment without thinking.
After all, it’s not as though spam being sent from Facebook accounts is unusual.
If only more people realised that they cannot trust the “from:” address in an email, as it is so easily forged. In this case it presents itself as being from "Facebook Help" <official@facebook.com>, but in reality it could just as easily be a Hungarian hacker, a Finnish fraudster or a Serbian scammer who initiated the widespread spam attack.
Sophos products intercept the attack as Mal/BredoZp-B.
If you are one of those many people who can’t get enough of Facebook in their lives, can stay informed about the latest scams by joining the Sophos Facebook page, where more than 70,000 people regularly share information on threats and discuss the latest security news.
or an American Noob, I guess. let's not descriminate 3rd world countries, k.
Who falls for this stuff? Dear client? Spam is sent? I wouldn't fall for this in a million years and it boggles my mind that other people do. You have to live under a rock to not know this kinda email is a scam/virus, etc.
todya i got a mail from a bank regarding some address changes. after clicking the link i found my self landed in a website which is not the official bank website but, much similar one.. is it a spam attack..
Sounds like a phishing attack to me – but hard to say for certain without more information.
Thank you for posting this. I received this exact email in my junk box (from the "Facebook Abuse Dept", but not trusting anything that isn't from someone I know or something I'm subscribed with, I did a little research first. Glad to know your website exists! 🙂