Malware-Tainted E-mails Purport to be from Facebook

Renowned security company ThreatTrack Security recently spotted one intriguing malware dissemination scheme, which capitalizes on Facebook's deactivation of a few members' accounts, following an Abode breach, which lately helped access the passwords and e-mail details of some 38m end-users.

The malware-laden electronic mails masquerade as Facebook messages while depicting a header "You requested a new Facebook password."

They greet the recipients with a 'Hello' and inform that they've got one secure message. The particular message will ask them for viewing a given file else downloading it onto their PCs. The e-mails having certain standard Facebook designs along with one spoofed "From" id suggest downloading the file prior to viewing the same. The attached file named Facebook-SecureMessage.zip should be opened for perusing the secure message, the e-mails conclude.

Sadly, if anyone believes the e-mail and follows the instructions in it, he'll download one executable known as Transaction_{_tracking}.exe from the attachment which will first gather the system's details, alter the setting and policies of the local firewall, seize confidential information when the system has an active browser, and make sure it remains all the time so it'll run whenever Windows OS is started.

ThreatTrack Security's researchers disclose that the message body of the e-mail is into existence starting November 2012 if not earlier, while hitherto its utilization has been when focusing on customers of the CitiBank, HSBC and KeyBank financial institutions.

Interestingly, the cyber-crooks have modified the e-mail scam towards making it appear as Facebook messages immediately after the social-networking site began informing certain members that they required resetting own passwords.

Actually Facebook, on examining the data that got exposed when hackers breached Adobe, suggested those users to set one fresh password that used a common one for Adobe and Facebook.

Jay Nancarrow Spokesperson for Facebook, while asserting that the website isn't associated with the ongoing scam against its members, stated that the company always monitored for situations wherein Facebook's users might get endangered despite when the attack happened from outside. During such times, Facebook tried helping impacted users make their accounts secure, Nancarrow explained. Tripwire.com published this dated November 11, 2013.

» SPAMfighter News - 11/21/2013