Facebook Malware Attack – BEWARE

User Group Network (UGN) Safenetting and Cybercrime report

Do not click on any email from Facebook. Yet another new malware attack has hit Facebook — this one with some twists. Although it will probably trap thousands of users, it’s not a very good attempt.

At 18:14:03 24 Jun 2011 (four hours from now, obviously an Eastern Europe sender) we received two of these, and then later several more in our spam traps. There are two “senders” and two different “Subject” lines, so far — both bogus.

From: security@facebook.com
Subject: Your privacy information has been published

From: alert@facebook.com
Subject: Your Account Details has been rejected by bank

The alarming part of this new threat is
a) clicking downloads a dot-EXE file posing as a PDF, and
b) it appears to be hosted and administered on Yahoo.

In your mail reader it may look different, but this is the one we got. Telltale elements told us immediately it is bogus and either phishing or malware.

[Image: screen capture of Facebook malware scam]

Note the misspelled word, and when hovering over the link we see hostingprod.com as the target — which has nothing to do with Facebook whatsoever! They also attempted to elude spam traps by using the http://www.federalreserve.gov link in their footer … labeled “Facebook Security.”

The link’s target is an EXE file, which is particularly troublesome.
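The two link checks described above (a link host unrelated to the claimed sender, and a link target ending in an executable extension), as an added example that is not part of the original report. The sample message is constructed: its body, link path and file name are invented placeholders, and `audit`, `LinkCollector` and `EXEC_EXT` are hypothetical names.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Extensions treated as executable downloads (illustrative, not exhaustive).
EXEC_EXT = (".exe", ".scr", ".com", ".pif", ".bat")

# Constructed sample modelled on the message described above; the body text,
# link path and file name are invented for illustration.
SAMPLE = """From: security@facebook.com
Subject: Your privacy information has been published
Content-Type: text/html

<p><a href="http://placeholder.hostingprod.com/report.pdf.exe">View PDF</a></p>
<p><a href="http://www.federalreserve.gov">Facebook Security</a></p>
"""

class LinkCollector(HTMLParser):
    """Collect the href of every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def audit(raw):
    """Return (href, reasons) for each link that fails a check."""
    msg = message_from_string(raw)
    # Domain the message claims to come from (the From header is spoofable).
    sender_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    findings = []
    for href in parser.hrefs:
        url = urlparse(href)
        host = (url.hostname or "").lower()
        reasons = []
        # What "hovering over the link" reveals: the real destination host.
        if host != sender_domain and not host.endswith("." + sender_domain):
            reasons.append("host-not-sender-domain")
        # Catches name.pdf.exe: only the final extension decides what runs.
        if url.path.lower().endswith(EXEC_EXT):
            reasons.append("executable-download")
        if reasons:
            findings.append((href, reasons))
    return findings

if __name__ == "__main__":
    for href, reasons in audit(SAMPLE):
        print(href, reasons)
```

Run on the sample, both links are flagged: the download link for both reasons, and the federalreserve.gov footer link because its host does not belong to the claimed sender either.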

Tracking the IP address and NS servers took us directly to Yahoo. Here’s what the Whois report looks like. The IP address takes us to Yahoo’s sp2.yahoo.com (DNS authenticity: Verified) server in Chicago, Illinois.

If you get mail from Facebook, do not click any links. Better safe than sorry.

Follow the InfoManager’s previous Safenetting Alerts

DO NOT CLICK

Thanks for reading…

Fred Showker

You can also keep up with the efforts to curb spam and cybercrime by reading the news at Knujon and HostExploit.com. And you should switch to SpamCop and take a stand against spam.