Facebook friend added a new photo of you? Beware spammed-out malware attack

Computer users are being warned to be careful about opening unsolicited email attachments, after a malicious Trojan horse was spammed out posing as a Facebook notification that the recipient is featured in a newly uploaded photograph.

The emails, which pretend to come from Facebook, look like the following (click here for a larger version of the image).

Subject: Your friend added a new photo with you to the album

Attached file: New_Photo_With_You_on_Facebook_PHOTOID[random].zip

Message body:

Greetings,

One of Your Friends added a new photo with you to the album.

You are receiving this email because you've been listed as a close friend.

[View photo with you in the attachment]

Of course, the emails don’t really come from Facebook.

But there are surely many people who could be duped into believing that they have been tagged by one of their friends in a photograph, and want to see if they look overweight, unattractive or simply fabulous (delete as applicable).

Unfortunately, the attached ZIP file contains malware, designed to allow hackers to gain control over your Windows computer.

Sophos products intercept the malware as Troj/Agent-XNN.

Last month, experts at SophosLabs saw another malware campaign posing as a Facebook photo tag notification. On that occasion, the emails did not contain attachments but instead linked to compromised websites which aimed to attack visiting computers with the Blackhole exploit kit.

If you’re on Facebook and want to learn more about spam, malware, scams and other threats, you should join the Sophos Facebook page where we have a thriving community of over 190,000 people.