Saturday04 February 2023

New Facebook Malware Poses As A Posted Picture Notification E-Mail

Reading time is around minutes.
News light-virus-1

If you have been around computers for long you might remember the “I Love You” malware or the Nimda malware. Both of these relied on our habits of opening up links and attachments without out considering the email or subject. What made Nimda and I Love You even more dangerous is that they came from people we know. Now it looks like there is a new Facebook malware running around the internet. The new malware that was caught by Sophos Labs takes advantage of user trust of links claiming to have posts about them. It is an often used form of social engineering that has been effective ever since some of the first Spam malware hit the net.

The new Facebook malware comes in the form of an email that claims someone has posted an image of you on Facebook. The email looks very real with the exception of the actual email address. In order to keep things as close to the real thing as possible, the coders slipped in an extra “o” in the “from” address (so it reads Faceboook). This is a slight addition that 99% of people will overlook (we are sure you have seen the Facebook post about reading misspelled words). If you click on the link to view the picture of yourself then you are in for an interesting trip. First the link takes you to another page (not Facebook) where it uses an iFrame script to try and infect your system, however to avoid too much suspicion the link does redirect you to a random user on Facebook within about four seconds.

From there you can try to figure out what happened as there is no picture of you at all. It is a cleverly written bit of code. However, with a little attention you will be able to spot the real from the fake. First check the address if it is from Faceboook do not open it. Second if you hover over the links in the email you will see that they do not take you to, but to another site completely.  We will expect more of this type of malware to hit and soon now that Facebook uses paid sponsored posts and real money. We wonder when the first targeted attacks on the payment systems will start and if some of the recent malware are simply testing the waters for a more concentrated effort down the road.

Sophos Blog Post

Discuss this in our Forum

Last modified on Wednesday, 18 July 2012 14:17

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.