Sunday, May 19, 2019
Home / Malware / Malware spreading via Facebook photo tag notification

Malware spreading via Facebook photo tag notification

Be wary of emails claiming to be from Facebook, and saying that you have been tagged in a photograph.

Because it might be that you’re the next potential victim of a malware attack.

SophosLabs has intercepted a spammed-out email campaign, designed to infect recipients’ computers with malware.

Here is an example of what a typical email can look like:

Malicious email claiming to come from Facebook

Subject: Christine McLain Gibbs tagged a photo of you on Facebook
From: Facebook <[email protected]>

(Did you notice what was odd about the email? The ‘from’ address misspells Facebook as “Faceboook” with three “o”s)

If you click on the link in the email, you are not taken immediately to the real Facebook website.

Instead, your browser is taken to a website hosting some malicious iFrame script (which takes advantage of the Blackhole exploit kit, and puts your computer at risk of infection by malware).

Malicious script

To act as a smokescreen, however, within four seconds your browser is taken via a META redirect to the Facebook page of a presumably entirely innocent individual.

Facebook page

SophosLabs is adding detection of the malware as Troj/JSRedir-HW.

You would have been protected from this threat if you had kept your wits about you, and always be sure to have updated security software and web applications.

Even if you didn’t notice that “Faceboook” had been spelled incorrectly, you could have recognized it by hovering your mouse over the link that it wasn’t going to take you directly to the genuine Facebook website.

If you don’t take the right steps to protect your computer, one day a cybercriminal might find the right social engineering trick to dupe you into do
wnloading something or visit a dangerous website.

SophosLabs says it is still investigating this attack on Facebook users, and we will publish any further information here in due course.


About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

Megaupload plan to return after 5 years

The huge file-sharing website, Megaupload is scheduled to relaunch, five years after being raided and …