It has been reported recently that at least two new spam campaigns aimed at Facebook and MySpace users have been launched. Social network users have long been more at risk than others when it comes to computer infections. This is easy to understand: they represent a very large user base that is sometimes uneducated about computer security. This time, both campaigns rely on infected email attachments.
Like many spam and phishing campaigns, these two new types of emails use social engineering to lure users into downloading a malicious file that will infect the victim's computer. Besides the title, header and signature, both emails use the same text (screenshots available on Malware City):
"Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document."
The attached document in question is a ZIP file called "Facebook_document_9757.zip" for the Facebook spam message and simply "password.zip" for the MySpace one. While both contain malicious files, they are not the same.
The Facebook ZIP archive contains Trojan.Oficla.J, a Trojan horse that installs a backdoor on the system. A malicious remote user can then use this backdoor to infiltrate the victim's computer and install more damaging malware, such as keyloggers or worse.
While this one is certainly a nuisance, it operates covertly compared with the malicious file contained in the MySpace email attachment. That one is a rogue antivirus program: malware that acts like antivirus software, warning the victim that his or her computer is infected and that they should install the provided "antivirus software" to get rid of the alleged threat. Clicking on any of the buttons in the pop-up windows causes fake installation and scanning windows to appear. Victims are then asked to pay to acquire or renew their license for the fake antivirus, which actually does nothing except possibly infect the computer further.
To stay safe from these threats and many others, never download an email attachment unless you are entirely sure it is safe. Also keep in mind that the large majority of reputable companies will never send attachments with their emails. So when you face a situation like this one, ask yourself whether you should really trust the email.