Websense has detected a new malicious spam campaign masquerading as official emails sent by Facebook.
The official facebookmail.com domain has been spoofed by spammers, whose messages carry a zip attachment that purports to contain a picture in order to entice the recipient to double-click on it. The attached file is actually a Trojan horse. Facebook uses this domain for the outbound emails that notify users of an event.
A Facebook login form is included in the body of the email and, according to Websense, examination of the HTML form's source code shows that it does pass the user name and password to Facebook itself. This may be intended to make the email look legitimate and so evade reputation-based spam filters.
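The check Websense describes, reading the form's source to see where submitted credentials would actually be posted, can be automated when triaging suspicious email. The following is an added example, not code from the article or from Websense: it parses the HTML body of an email, extracts each form's `action` URL and input fields, and flags any form that collects a password but posts somewhere other than the sender's expected domain. The two email bodies, the form field names and the `example.invalid` host are constructed for illustration; the expected-domain list is an assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: an email body whose login form posts to the brand's own
# domain, as the article says the observed campaign did. Field names are invented.
SAMPLE_LEGIT_HTML = """
<html><body>
<p>You have a new notification.</p>
<form method="post" action="https://login.facebook.com/login.php">
  <input type="text" name="email">
  <input type="password" name="pass">
  <input type="submit" value="Login">
</form>
</body></html>
"""

# Constructed sample: the same form, but the action points at an unrelated host
# (a reserved .invalid name used here purely as a placeholder).
SAMPLE_PHISH_HTML = """
<html><body>
<form method="post" action="http://example.invalid/collect.php">
  <input type="text" name="email">
  <input type="password" name="pass">
</form>
</body></html>
"""

# Assumption: domains the claimed sender legitimately uses for login.
EXPECTED_DOMAINS = {"facebook.com"}


class FormExtractor(HTMLParser):
    """Collect every <form> with its action URL and the (type, name) of its inputs."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)  # attribute values may be None when written bare
        if tag == "form":
            self._current = {"action": attrs.get("action") or "", "inputs": []}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            self._current["inputs"].append(
                ((attrs.get("type") or "text").lower(), attrs.get("name") or "")
            )

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def host_matches(host, expected_domains):
    """True if host equals one of the expected domains or is a subdomain of one."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in expected_domains)


def analyse_forms(html, expected_domains=EXPECTED_DOMAINS):
    """Return one finding per form: where credentials would go and whether that is suspicious."""
    parser = FormExtractor()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        has_password = any(kind == "password" for kind, _ in form["inputs"])
        host = urlparse(form["action"]).hostname or ""
        if not host:
            # A relative or missing action makes no sense in an email body.
            verdict = "relative or missing action"
            suspicious = has_password
        elif host_matches(host, expected_domains):
            verdict = "posts to expected domain"
            suspicious = False
        else:
            verdict = "posts to unexpected host"
            suspicious = has_password
        findings.append({
            "action": form["action"],
            "host": host,
            "has_password": has_password,
            "suspicious": suspicious,
            "verdict": verdict,
        })
    return findings


if __name__ == "__main__":
    for label, body in (("legit-looking", SAMPLE_LEGIT_HTML), ("phishing", SAMPLE_PHISH_HTML)):
        for f in analyse_forms(body):
            print(label, f["host"] or "(none)", f["verdict"], "suspicious=%s" % f["suspicious"])
```

Note that a form posting to the expected domain, as in the first sample, is still worth flagging for a human: the article's point is that a genuine-looking form can be used to lend credibility to a message whose real payload is the attachment.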
Websense had previously alerted, via its HoneyJax system, on its discovery of a viral Facebook phishing campaign, and so would not be surprised if the login page presented here were merely a fake front for a phishing site.