Bogus Facebook emails pass trojans

Share this article:
Bogus Facebook emails pass trojans
Bogus Facebook emails pass trojans

Updated on Tuesday, Sept. 23 at 5:43 p.m. EST

A trojan-laden phish disguised as a message from the popular social networking website Facebook is making the rounds.

In an alert Monday, web security company Websense said that the email appeared to be sent by the domain facebookmail.com with a subject line that reads "An old friend added you as a friend of facebook." The email contains an attachment called "picture.zip" that is actually a trojan.

The body of the email contained a view of Facebook's login page with a notification that says an old classmate has requested to be your friend and, "To see her picture please check your attachment."


                                                                                                    Courtesy: Websense
Facebookmail.com is an official domain that Facebook commonly uses to notify its users of friend requests and events, the Websense alert said. It is unclear how the attackers spoofed the address.

Users might not think twice about clicking the attachment, said Ken Dunham, director of global response for iSight Partners, a global risk mitigation company.

"Big brand names like Facebook, MySpace, YouTube - those are trusted names that people are less likely to be concerned about," he told SCMagazineUS.com on Tuesday.

The email body contains Facebook's login screen and will take users there, lending to the legitimacy of the message. This technique is commonly used by phishers as a way to gain trust so victims do not think they are being duped, Dunham said.

A Facebook spokesperson did not respond to a request for comment.

Dunham suggested corporate IT departments inform and train employees to be suspicious of unsolicited email.

Share this article:
You must be a registered member of SC Magazine to post a comment.
close

Next Article in News

Sign up to our newsletters

More in News

Judge lifts stay but Microsoft won't hand over emails during appeal

A judge has lifted a suspension of a previous order compelling Microsoft to hand over customer emails stored on a server in Ireland.

Security foundation also warns of Netis router backdoor

Trend Micro first alerted the public to the backdoor affecting Netis and Netcore brand routers.

FBI, Apple investigate celebrity photo hacking incident

FBI, Apple investigate celebrity photo hacking incident

Reports surfaced that iCloud vulnerabilities may have allowed hackers to obtain personal photos, including nude images, of over 100 celebrities.