Second Facebook spam email campaign detected this week

A new email threat has been identified that poses as being from Facebook.

Security firm Red Condor identified the second email threat in as many days that claims to be from Facebook administrators. The email includes a link to a spoofed Facebook login page, which prompts users to reveal personal information and then download a banking Trojan downloader.

After a user enters their credentials, they are prompted to download ‘updatetool.exe’, which has been detected as a Zbot Trojan variant. The company claimed that the spoofed Facebook login page is fairly sophisticated and uses ‘www.facebook.com’ in the sub-domain portion of the malicious URL.

As a result, people with small screen resolution or small browser windows/address bars may think that they are on the Facebook login page. At the time Red Condor Spam Trigger detected the threat, only one-third of anti-virus engines had detected it.
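The check below is an added example, not code from Red Condor or from this article. It flags a link whose host carries the brand's labels in the sub-domain portion of another domain, and shows what a narrow address bar would display; the function names, the fixed-width truncation model and the `example.net` URL are constructed assumptions.

```python
from urllib.parse import urlsplit

BRAND = "facebook.com"  # the domain impersonated in the campaign described above


def _host(url):
    """Lower-cased host of a URL; tolerates links pasted without a scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").rstrip(".")


def classify_host(url, brand=BRAND):
    """Return 'genuine', 'spoofed-subdomain' or 'unrelated' for the URL's host."""
    labels = _host(url).split(".")
    brand_labels = brand.split(".")
    n = len(brand_labels)
    # Genuine: the brand's labels are the rightmost labels of the host.
    if labels[-n:] == brand_labels:
        return "genuine"
    # Spoofed: the brand's labels appear further left, i.e. they are only
    # sub-domain labels of a domain somebody else controls.
    for i in range(len(labels) - n):
        if labels[i:i + n] == brand_labels:
            return "spoofed-subdomain"
    return "unrelated"


def address_bar_view(url, width):
    """Simplified model of a narrow address bar: first `width` host characters."""
    return _host(url)[:width]


if __name__ == "__main__":
    # Constructed sample links (example.net is a reserved documentation domain).
    samples = [
        "http://www.facebook.com.session-check.example.net/login.php",
        "https://www.facebook.com/login.php",
        "http://example.org/",
    ]
    for link in samples:
        print(classify_host(link), "|", address_bar_view(link, 16), "|", link)
```

A mail filter or proxy can apply the same comparison to every link in a message body; anything classified as `spoofed-subdomain` shows the brand name at the left edge of the address bar while the controlling domain sits out of view to the right.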

Dr. Tom Steding, chief executive officer of Red Condor, said: “Given the comfort level that millions of users have with Facebook, we want to make sure that everyone knows that there are multiple spoofed Facebook emails hitting inboxes, and that the blended threat email we are warning about is different than the one many media outlets have already reported.

“Facebook has become phenomenally popular, which makes it a prime target for spammers and cybercriminals. Unprotected email users need to be increasingly aware of the variety of threats that will come to their inboxes posing as legitimate messages. This blended email threat is an interesting twist that seems to have baffled a number of AV engines.”

Jamie Tomasello, Cloudmark's abuse operations manager, said: “The last three days have seen a sharp uptick in social engineering, as one or more of the malware distributors are, once again, playing on the popularity of Facebook to convince people to open their email.

“Emails with the subject ‘Facebook Password Reset Confirmation’ have been flooding inboxes over the last few days, enticing people to open a zip file which purportedly contains the user's new password.

“I cannot stress enough – these emails are not coming from Facebook, and they do not mean that your Facebook account has been taken over, or that someone is trying to get your password. Facebook, unfortunately, is just another victim here; they can't stop bad guys from using their name to dangle as bait in front of you.”
