The deletion of legitimate accounts by Facebook administrators has led to a new wave of spam claiming to be from Facebook Support.
According to research by M86 Security Labs, earlier this week Facebook was attempting to delete fake or dubious accounts but, due to a bug, deleted some legitimate accounts as well. To get those accounts reactivated, Facebook Support did send out legitimate messages asking users for government-issued identification, and cyber criminals exploited the situation by sending Facebook users a message that also claimed to be from Facebook Support.
The message tried to convince the recipient to download the Sasfis downloader Trojan that, once on the system, is used to pull down other malware such as banking Trojans, fake anti-virus and keyloggers.
Ed Rowley, product manager of M86 Security, told SC Magazine that this demonstrates how quickly cyber criminals can latch on to a subject.
“As soon as news comes out that hits Facebook there is related spam. It comes back to the Trojan being refreshed, it contacts the command and control centre and updates the malware. It is all part and plan of the new way of working with malware,” he said.
According to a report by readwriteweb.com, Facebook confirmed that a bug found early today in its system is responsible for automatically disabling a number of accounts on the site. According to the company, those accounts were in the process of being reactivated.
A Facebook spokesperson told the website: “Earlier today, we discovered a bug in a system designed to detect and disable likely fake accounts. The bug, which was live for a short period of time, caused a very small percentage of Facebook accounts to be mistakenly disabled. Upon discovering the bug, we immediately worked to resolve it. It is now being fixed, and we're in the process of reactivating and notifying the people who were affected.”
Graham Cluley, senior technology consultant at Sophos, said that the messages have a variety of subject lines including: ‘Facebook Service. A new password is sent you’; ‘Facebook Support. Your password has been changed’; and ‘Facebook Service. Your account is blocked’.
He said: “It's possible that the attackers are attempting to exploit the problems many female Facebook users had this week when the social network disabled many accounts by accident. Do not forget, you should always be extremely suspicious of any unsolicited email which arrives out of the blue, encouraging you to open an attachment.”