Recently, cybercriminals spamvertised yet another massive email campaign, impersonating the world’s most popular social network – Facebook.
It was similar to a previously profiled spam campaign imitating Facebook. However, in this case the cybercriminals behind it relied on attached malicious archives, compared to including exploits and malware serving links in the email.
Sample screenshot of the spamvertised email:
Detection rate for the malicious archive: MD5: 0938302fbf8f7db161e46c558660ae0b – detected by 34 out of 43 antivirus scanners as Trojan.Generic.KDV.753880; Trojan-Ransom.Win32.Gimemo.arsu. Upon execution, the sample opens a backdoor on the infected host, allowing the cybercriminals behind the campaign to gain full access to the affected host.
Webroot SecureAnywhere users are proactively protected from this threat.
If users feel they received a bogus email that may not be coming from Facebook, they can alert Facebook by forwarding the message to firstname.lastname@example.org. In addition, users can check to see if their account has been compromised by visiting www.facebook.com/hacked.