
Second Facebook spam email campaign detected this week


A new email threat has been identified that poses as being from Facebook.

Security firm Red Condor has identified the second email threat in as many days that claims to be from Facebook administrators. The email includes a link to a spoofed Facebook login page, which prompts users to reveal personal information and then to download a banking Trojan downloader.

After a user enters their credentials, they are prompted to download ‘updatetool.exe’, which has been detected as a Zbot Trojan variant. The company claimed that the spoofed Facebook login page is fairly sophisticated and uses ‘www.facebook.com’ in the sub-domain portion of the malicious URL.

As a result, people with low screen resolutions, small browser windows or short address bars may think that they are on the Facebook login page. At the time Red Condor Spam Trigger detected the threat, only one-third of anti-virus engines had detected it.
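The check below is an added example, not part of the original article or of Red Condor's tooling. It compares hostname labels from the right, so a host that merely carries ‘www.facebook.com’ as its leading sub-domain labels is not mistaken for Facebook. It also covers the related user-info form (brand text before an `@`), which goes beyond the case the article describes; the `example.net` hosts are constructed samples.

```python
from urllib.parse import urlsplit

BRAND_DOMAIN = "facebook.com"  # the legitimate domain named in the article


def classify_login_url(url, brand_domain=BRAND_DOMAIN):
    """Classify a URL as 'legitimate', 'spoofed-subdomain',
    'spoofed-userinfo' or 'unrelated' with respect to brand_domain."""
    # urlsplit only finds the host when a scheme is present.
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").rstrip(".").lower()
    labels = host.split(".")
    brand = brand_domain.lower().split(".")

    # DNS ownership is decided by the rightmost labels, so the host is
    # genuine only if it ends with the brand's labels.
    if labels[-len(brand):] == brand:
        return "legitimate"

    # Brand labels appear further left: they are just sub-domain names
    # chosen by whoever controls the domain on the right.
    for i in range(len(labels) - len(brand)):
        if labels[i:i + len(brand)] == brand:
            return "spoofed-subdomain"

    # Brand text before '@' is a user name, not the host being contacted.
    if parts.username and brand_domain in parts.username.lower():
        return "spoofed-userinfo"

    return "unrelated"


if __name__ == "__main__":
    # Constructed sample URLs; example.net is a reserved documentation domain.
    samples = [
        "https://www.facebook.com/login.php",
        "http://www.facebook.com.login.example.net/index.php",
        "http://www.facebook.com@login.example.net/",
        "http://notfacebook.com/",
    ]
    for sample in samples:
        print(f"{classify_login_url(sample):18} {sample}")
```

Matching whole labels rather than substrings is what keeps a host such as `notfacebook.com` from being treated as Facebook.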

Dr. Tom Steding, chief executive officer of Red Condor, said: “Given the comfort level that millions of users have with Facebook, we want to make sure that everyone knows that there are multiple spoofed Facebook emails hitting inboxes, and that the blended threat email we are warning about is different than the one many media outlets have already reported.

“Facebook has become phenomenally popular, which makes it a prime target for spammers and cybercriminals. Unprotected email users need to be increasingly aware of the variety of threats that will come to their inboxes posing as legitimate messages. This blended email threat is an interesting twist that seems to have baffled a number of AV engines.”

Jamie Tomasello, Cloudmark's abuse operations manager, said: “The last three days have seen a sharp uptick in social engineering, as one or more of the malware distributors are, once again, playing on the popularity of Facebook to convince people to open their email.

“Emails with the subject ‘Facebook Password Reset Confirmation’ have been flooding inboxes over the last few days, enticing people to open a zip file which purportedly contains the user's new password.

“I cannot stress enough – these emails are not coming from Facebook, and they do not mean that your Facebook account has been taken over, or that someone is trying to get your password. Facebook, unfortunately, is just another victim here; they can't stop bad guys from using their name to dangle as bait in front of you.”
