Spam from your Facebook account? Malware attack poses as official warning

Filed Under: Facebook, Malware, Social networks, Spam

Cybercriminals are adopting a new disguise, following last week's "Facebook password changed" malware attack.

Computer users are discovering malicious code has been sent to their email inboxes, pretending to be a notification from Facebook that their social networking account has been used to send out spam.

Spam is sent from your FaceBook account

A typical message reads:

Dear client

Spam is sent from your FaceBook account.

Your password has been changed for safety.

Information regarding your account and a new password is attached to the letter.
Read this information thoroughly and change the password to complicated one.

Please do not reply to this email, it's automatic mail notification!

Thank you.
FaceBook Service.

The attack would, perhaps, be a little more successful at fooling more people if it had gone through a grammar check and if the perpetrators had paid more attention to the fact that it's spelt "Facebook" not "FaceBook".

Nevertheless, there are doubtless some computer users who might be tempted to open the attached ZIP file and infect their computers with malware.

We've seen similar attacks before, of course - and I imagine that cybercriminals will continue to use ruses like this when spreading their malware. Plenty of people are hooked on Facebook, and a message telling them that their password has been reset is likely to send them into palpitations and they may open the unsolicited attachment without thinking.

After all, it's not as though spam being sent from Facebook accounts is unusual.

If only more people realised that they cannot trust the "from:" address in an email, as it is so easily forged. In this case it presents itself as being from "Facebook Help" <>, but in reality it could just as easily be a Hungarian hacker, a Finnish fraudster or a Serbian scammer who initiated the widespread spam attack.

Sophos products intercept the attack as Mal/BredoZp-B.

If you are one of those many people who can't get enough of Facebook in their lives, can stay informed about the latest scams by joining the Sophos Facebook page, where more than 70,000 people regularly share information on threats and discuss the latest security news.

, ,

You might like

5 Responses to Spam from your Facebook account? Malware attack poses as official warning

  1. isoz · 1592 days ago

    or an American Noob, I guess. let's not descriminate 3rd world countries, k.

  2. Chris Keel · 1592 days ago

    Who falls for this stuff? Dear client? Spam is sent? I wouldn't fall for this in a million years and it boggles my mind that other people do. You have to live under a rock to not know this kinda email is a scam/virus, etc.

  3. pratyushkp · 1585 days ago

    todya i got a mail from a bank regarding some address changes. after clicking the link i found my self landed in a website which is not the official bank website but, much similar one.. is it a spam attack..

  4. EedeeKay · 1582 days ago

    Thank you for posting this. I received this exact email in my junk box (from the "Facebook Abuse Dept", but not trusting anything that isn't from someone I know or something I'm subscribed with, I did a little research first. Glad to know your website exists! :)

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley