Did you just get an e-mail saying your Facebook friend added a new photo of you? Ignore it, and check Facebook yourself. Scammers are sending out e-mails saying that someone has added a new photo of you to a Facebook album. The spam, which claims to come from the social networking giant, includes an attachment that installs malware on your computer.

The e-mail subject is typically something along the lines of “Your friend added a new photo with you to the album” (though cybercriminals can easily alter it) and appears to come from an e-mail like “notification+kjdm-dj-hud_@facebookmail.com” (again, this can be changed). The attached file is named “New_Photo_With_You_on_Facebook_PHOTOID[random].zip” where “random” is a generated number.

Sophos, which first spotted the attack, detects the malware as Troj/Agent-XNN. The 61KB threat copies itself to “C:\Documents and Settings\All Users\svchost.exe” and adds itself to your Windows registry, masquerading as a Sun Java updater. In this way, the malware ensures it starts up when you boot your PC.

The e-mail body is straightforward, but don’t believe what it says:


One of Your Friends added a new photo with you to the album.

You are receiving this email because you’ve been listed as a close friend.

[View photo with you in the attachment]

Facebook, Inc. Attention: Department 415 P.O Box 10005 Palo Alto CA 94303

As you can see in the screenshot below, the spammers have even tried to mimic the blue Facebook design to dupe victims:

As a general word of caution, don’t open attachments in e-mails or click on links in them unless you are absolutely certain that the sender is who you think you are. I have contacted Facebook Security about this scam, but you should warn your Facebook friends as well.

Image Credit: stock.xchng