Another Round of Malicious Facebook Spam Messages

It seems that spammers are really in love with the popular Web 2.0 social networking site, Facebook. In July we warned you against a spam campaign targeted towards Facebook and FBI. Then, in September, cyber-criminals used the malicious "add friend" spam to spread a Trojan.

This time researchers at Websense® Security Labs ThreatSeeker Network have released a report claiming that spammers had launched a new spam campaign targeted towards the Facebook website. Cyber-criminals are trying to trick potential victims into believing that the received email is a legitimate added friend confirmation.

Emails belonging to this spam campaign are spoofed to appear from the domain facebookmail.com. This is an official domain that Facebook uses for their outbound emails in order to inform their users about new events.

Below you can see a screenshot of a sample email with some comments from Websense researchers:

As you can see in the screenshot, recipients are prompted to click on the provided links. However, the problem here is that as soon as a potential victim clicks on any of these links, he or she will immediately be navigated to download a malicious executable file called "update.exe" (SHA1: a4dc17d1bcb191af75afedddf60aecbc2af2a37f).

Websense warns all users that "this malicious executable has a very low AV detection. When run, the malicious executable steals data from its victim, establishing a connection with an IRC botnet." On the whole, everybody is warned to look with suspicion at any "update.exe" attachments in their emails as the majority of such files will download nothing more but a malicious program.

Security experts warn all users to stay alert and not to believe in everything that they find in their inboxes. The best solution is of course to delete all unsolicited messages even with opening and reading them.