Another Facebook Spam E-Mail Detected
Facebook users are asked to beware of a malicious e-mail, which purports to be from Facebook administrators, reported Help Net Security on October 29, 2009.
Also, the e-mail, besides being part of a phishing campaign, carries a nasty Trojan that steals the user's banking information. Incidentally, the new phishing e-mail attack has come to the notice of Red Condor, a Web security company.
Particulars about the attack suggest that a web-link embedded on the spam mail redirects recipients to a hoax login page of Facebook that solicits account information from thethem. However, when all the credentials are entered, the page subsequently prompts the user to download "updatetool.exe" that's actually Trojan Zbot variant.
Red Condor stated that phishers have crafted the spoofed page, apparently to log on to Facebook, in quite a sophisticated manner. Consequently, users operating on screens of small resolution or browser address bars/windows of small size might believe that the login page is real.
Chief Executive Officer Dr. Tom Steding of Red Condor stated that considering the great ease which innumerable Facebook users enjoyed browsing the site, the security company wanted to be sure that all users were aware of the various hoax Facebook e-mails that were knocking mailboxes and that the latest spoofed e-mail was different from those that media sources had previously reported. Prlog.org published this on October 29, 2009.
Further according to Red Condor, when its research team first spotted the hoax e-mail, merely a third of all anti-virus engines had detected the embedded Trojan.
Additionally, Jamie Tomasello, Abuse Operations Manager, Cloudmark, said that the Facebook scam yet again resulted in a social engineering spike, since malware purveyors were repeating their exploitative tactics with Facebook's popularity to persuade e-mail users towards opening their malicious e-mails. SCMagazine reported this on October 29, 2009.
In the meantime, another Facebook spam e-mail has been uncovered that contained the Trojan malware Bredolab.
Apart from this, specialists of Internet security stated that the social network still doesn't enforce the use of HTTPS in place of HTTP in its URL, implying that phishing pages impersonating Facebook have more scope to succeed.
Related article: Another Worm Using Bush’s Theme Creeps Into PCs
» SPAMfighter News - 10-11-2009