Did you just get an e-mail saying your Facebook friend added a new photo of you? Ignore it, and check Facebook yourself. Scammers are sending out e-mails saying that someone has added a new photo of you to a Facebook album. The spam, which claims to come from the social networking giant, includes an attachment that installs malware on your computer.
The e-mail subject is typically something along the lines of “Your friend added a new photo with you to the album” (though cybercriminals can easily alter it) and appears to come from an e-mail like “firstname.lastname@example.org” (again, this can be changed). The attached file is named “New_Photo_With_You_on_Facebook_PHOTOID[random].zip” where “random” is a generated number.
Sophos, which first spotted the attack, detects the malware as Troj/Agent-XNN. The 61KB threat copies itself to “C:\Documents and Settings\All Users\svchost.exe” and adds itself to your Windows registry, masquerading as a Sun Java updater. In this way, the malware ensures it starts up when you boot your PC.
The e-mail body is straightforward, but don’t believe what it says:
One of Your Friends added a new photo with you to the album.
You are receiving this email because you’ve been listed as a close friend.
As you can see in the screenshot below, the spammers have even tried to mimic the blue Facebook design to dupe victims:
As a general word of caution, don’t open attachments in e-mails or click on links in them unless you are absolutely certain that the sender is who you think you are. I have contacted Facebook Security about this scam, but you should warn your Facebook friends as well.
Image Credit: stock.xchng