Cybercriminals spamvertise millions of bogus Facebook notifications, serve malware

by


Recently, cybercriminals spamvertised yet another massive email campaign, impersonating the world’s most popular social network – Facebook.

It was similar to a previously profiled spam campaign imitating Facebook. However, in this case the cybercriminals behind it relied on attached malicious archives, compared to including exploits and malware serving links in the email.

More details:

Sample screenshot of the spamvertised email:

Detection rate for the malicious archive: MD5: 0938302fbf8f7db161e46c558660ae0b – detected by 34 out of 43 antivirus scanners as Trojan.Generic.KDV.753880; Trojan-Ransom.Win32.Gimemo.arsu. Upon execution, the sample opens a backdoor on the infected host, allowing the cybercriminals behind the campaign to gain full access to the affected host.

Webroot SecureAnywhere users are proactively protected from this threat.

If users feel they received a bogus email that may not be coming from Facebook, they can alert Facebook by forwarding the message to phish@fb.com. In addition, users can check to see if their account has been compromised by visiting www.facebook.com/hacked.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on  Twitter.


Trackbacks

  1. [...] This isn’t the first time that we intercept a Facebook notifications themed malicious attack. During October, 2012, we intercepted two – “Bogus Facebook notifications lead to malware“; “Cybercriminals spamvertise millions of bogus Facebook notifications, serve malware“. [...]