Bogus Facebook emails pass trojans

Share this article:
Bogus Facebook emails pass trojans
Bogus Facebook emails pass trojans

Updated on Tuesday, Sept. 23 at 5:43 p.m. EST

A trojan-laden phish disguised as a message from the popular social networking website Facebook is making the rounds.

In an alert Monday, web security company Websense said that the email appeared to be sent by the domain facebookmail.com with a subject line that reads "An old friend added you as a friend of facebook." The email contains an attachment called "picture.zip" that is actually a trojan.

The body of the email contained a view of Facebook's login page with a notification that says an old classmate has requested to be your friend and, "To see her picture please check your attachment."


                                                                                                    Courtesy: Websense
Facebookmail.com is an official domain that Facebook commonly uses to notify its users of friend requests and events, the Websense alert said. It is unclear how the attackers spoofed the address.

Users might not think twice about clicking the attachment, said Ken Dunham, director of global response for iSight Partners, a global risk mitigation company.

"Big brand names like Facebook, MySpace, YouTube - those are trusted names that people are less likely to be concerned about," he told SCMagazineUS.com on Tuesday.

The email body contains Facebook's login screen and will take users there, lending to the legitimacy of the message. This technique is commonly used by phishers as a way to gain trust so victims do not think they are being duped, Dunham said.

A Facebook spokesperson did not respond to a request for comment.

Dunham suggested corporate IT departments inform and train employees to be suspicious of unsolicited email.

Share this article:
close

Next Article in News

Sign up to our newsletters

More in News

Russian hacker Seleznev ordered to remain in custody

Roman Seleznev's attorneys requested that the hacker be released on bond, but their pleas were rejected this past week.

Bug in iOS Instagram app fixed, impacts Facebook accounts

The vulnerability comes into play when Instagram users search for Facebook friends to "follow."

AP denied security docs on HealthCare.gov, a risk to private information

AP denied security docs on HealthCare.gov, a risk ...

The Associated Press was denied a request made under the Freedom of Information Act for documents that contain security information on HealthCare.gov.