Facebook Trojan Alert

Websense Security have discovered a new malicious social-engineering spam campaign masquerading as official emails sent by the popular Web 2.0 social-networking site, Facebook. The email is spoofed to appear to come from the domain facebookmail.com, an official domain that Facebook uses for outbound emails notifying its users of an event.

It is common for Facebook to send an email to notify their users when another Facebook user adds them as a friend on the social network. However, the spammers included a zip attachment that purports to contain a picture in order to entice the recipient to double-click on it. The attached file is actually a Trojan horse. 

A Facebook login form is included in the body of the email. However, an examination of the HTML form's source code shows that it does in fact pass the user name and password to Facebook itself. This may be intended to make the email look more legitimate so that it evades reputation-based spam filters.
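The traits described above (a facebookmail.com sender, a zip attachment, and a login form that posts to Facebook itself) can be checked mechanically when triaging a reported message. The following Python is an added example, not code from Websense or Facebook; the sample message, its address, URL and file name are constructed, and the rule that a genuine friend notification carries no archive attachment is an assumption.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

BRAND_DOMAIN = "facebookmail.com"  # sender domain named in the alert

def build_sample(with_zip=True):
    """Constructed test message; the address, URL and file name are made up."""
    msg = EmailMessage()
    msg["From"] = "Facebook <notification@facebookmail.com>"
    msg["Subject"] = "Someone added you as a friend"
    msg.set_content('<form method="post" action="https://www.facebook.com/login.php">'
                    '<input name="email"><input name="pass"></form>', subtype="html")
    if with_zip:  # empty ZIP archive: end-of-central-directory record only
        msg.add_attachment(b"PK\x05\x06" + b"\x00" * 18, maintype="application",
                           subtype="zip", filename="picture.zip")
    return msg.as_bytes()

class FormHosts(HTMLParser):
    """Collects the host each <form> submits to."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.hosts.append(urlparse(dict(attrs).get("action") or "").hostname or "")

def triage(raw):
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    zips, hosts = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.is_attachment():
            name = part.get_filename() or ""
            data = part.get_payload(decode=True) or b""
            if name.lower().endswith(".zip") or data.startswith(b"PK"):
                zips.append(name)
        elif part.get_content_type() == "text/html":
            parser = FormHosts()
            parser.feed(part.get_content())
            hosts += parser.hosts
    claims_brand = sender == BRAND_DOMAIN
    # Assumption: a genuine friend notification carries no archive attachment,
    # so the verdict ignores where the form posts (here it posts to Facebook).
    return {"claims_brand": claims_brand, "zip_attachments": zips,
            "form_hosts": hosts, "suspicious": claims_brand and bool(zips)}
```

The verdict depends on the sender claim and the attachment only, because a form that submits to the real site says nothing about whether the attachment is safe.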

To protect against these types of phishing attacks and to block access to social networking sites in general, please contact us for simple solutions.


