Beware: For Installing Malware, Spammers Using Facebook Photo Email Notifications

Posted on Aug 29 2012 - 5:18am by Editorial Staff

You open your inbox and found an email saying Facebook friend added a new photo of you. Well, if you get the one, do not open it and simply ignore it and check Facebook yourself. The email is actually a new scam in which spammers’ sends users an email saying that someone added a new photo of you to a Facebook album.

The attack was spotted first by Sophos (via The Next Web), detects the malware as Troj/Agent-XNN. The email, which claims to come from the social networking giant, includes a 61KB malware threat which copies itself to “C:\Documents and Settings\All Users\svchost.exe” and adds itself to your Windows registry, masquerading as a Sun Java updater.

The e-mail subject is typically something along the lines of “Your friend added a new photo with you to the album” (though cybercriminals can easily alter it) and appears to come from an e-mail like “notification+kjdm-dj-hud_@facebookmail.com” (again, this can be changed). The attached file is named “New_Photo_With_You_on_Facebook_PHOTOID[random].zip” where “random” is a generated number.

The e-mail body says in simple words, but don’t believe else you will be the next victim of this scam:

Greetings,

One of Your Friends added a new photo with you to the album.

You are receiving this email because you’ve been listed as a close friend.

[View photo with you in the attachment]

Facebook, Inc. Attention: Department 415 P.O Box 10005 Palo Alto CA 94303

About the Author
Editorial Staff

Editorial Staff at I2Mag is a team of subject experts led by Karan Chopra.