Another Scam Aimed at Facebook

Did you just get an e-mail saying your Facebook friend added a new photo of you?

Ignore it, and check Facebook yourself. Scammers are sending out e-mails saying that someone has added a new photo of you to a Facebook album. The spam, which claims to come from the social networking giant, includes an attachment that installs malware on your computer.

The e-mail subject is typically something along the lines of “Your friend added a new photo with you to the album” (though cybercriminals can easily alter it) and appears to come from an e-mail like “notification+kjdm-dj-hud_@facebookmail.com” (again, this can be changed). The attached file is named “New_Photo_With_You_on_Facebook_PHOTOID[random].zip” where “random” is a generated number.

Sophos, which first spotted the attack, detects the malware as Troj/Agent-XNN. The 61KB threat copies itself to “C:\Documents and Settings\All Users\svchost.exe” and adds itself to your Windows registry, masquerading as a Sun Java updater. In this way, the malware ensures it starts up when you boot your PC.
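As an added example (not code from the article or from Sophos), a small Python filter that checks a raw e-mail for the indicators described above: a sender claiming facebookmail.com, the “new photo with you” subject, and a ZIP attachment following the PHOTOID naming pattern. The sample message below is constructed to mirror the quoted spam.

```python
import re
from email import message_from_string

# Indicators taken from the article: the spam claims to come from
# facebookmail.com, uses a "new photo with you" subject, and carries a
# ZIP named New_Photo_With_You_on_Facebook_PHOTOID[random].zip (random = digits).
ATTACHMENT_RE = re.compile(
    r"^New_Photo_With_You_on_Facebook_PHOTOID\d+\.zip$", re.IGNORECASE
)
SUBJECT_RE = re.compile(r"added a new photo with you", re.IGNORECASE)

def attachment_names(msg):
    """Return the filenames of every attachment in a parsed message."""
    return [p.get_filename() for p in msg.walk() if p.get_filename()]

def score_message(raw):
    """Check one raw RFC 822 message against the indicators above."""
    msg = message_from_string(raw)
    sender = msg.get("From", "").lower()
    names = attachment_names(msg)
    hits = {
        "claims_facebookmail_sender": "facebookmail.com" in sender,
        "photo_subject": bool(SUBJECT_RE.search(msg.get("Subject", ""))),
        "photo_zip_attachment": any(ATTACHMENT_RE.match(n) for n in names),
    }
    # A ZIP "photo" paired with a Facebook-looking sender or subject is the
    # combination the article describes; flag it for quarantine/review.
    hits["suspicious"] = hits["photo_zip_attachment"] and (
        hits["claims_facebookmail_sender"] or hits["photo_subject"]
    )
    return hits

# Constructed sample message modelled on the e-mail quoted in the article.
SAMPLE_EMAIL = """\
From: Facebook <notification+kjdm-dj-hud_@facebookmail.com>
Subject: Your friend added a new photo with you to the album
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

One of Your Friends added a new photo with you to the album.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="New_Photo_With_You_on_Facebook_PHOTOID8312.zip"

UEsDBAoAAAAAAA==
--b1--
"""
```

Running `score_message(SAMPLE_EMAIL)` returns all three indicator flags set and `suspicious` true; a plain text message from a friend returns `suspicious` false.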

The e-mail body is straightforward, but don’t believe what it says:

Greetings,

One of Your Friends added a new photo with you to the album.

You are receiving this email because you’ve been listed as a close friend.

[View photo with you in the attachment]

Facebook, Inc. Attention: Department 415 P.O Box 10005 Palo Alto CA 94303

As you can see in the screenshot below, the spammers have even tried to mimic the blue Facebook design to dupe victims:

[Screenshot: the fake Facebook photo-notification e-mail, styled in Facebook’s blue design]

As a general word of caution, don’t open attachments in e-mails or click on links in them unless you are absolutely certain that the sender is who you think they are.

Best Practices

Malicious applications won’t always follow the methods I’ve described in this article, so the best defense you can have is to always be aware of your digital environment.  I’ll leave you with a few tips for staying safe on social networks:

  • Don’t assume links and messages from friends are safe: Malware often takes advantage of the fact that you trust your friends.  Keep an eye on links and messages from friends, and if in doubt, ask them if they actually sent you something.  Most of the time they will have no idea their account has been spamming their friends.
  • Watch the links you click: Fake applications put a lot of effort into looking legitimate, but many of them still carry tell-tale signs of being malicious.  If you’re suspicious of a link, hold your mouse over it and look at the URL in your browser’s status bar.  If the URL looks strange (e.g. long strings of random characters, or pointing to a site outside of Facebook), think twice before clicking it.
  • Expand shortened links: Short links are very popular on social networks, making it easier to share URLs.  The downside is that you don’t necessarily know where the link will take you, so consider previewing your short URLs before clicking.
  • If it’s too good to be true, it probably is: If you see a link or message on Facebook that claims you can monitor who views your profile or provides other enticing information, there’s a good chance it’s a trap trying to lure you in.
  • Stay updated: Many applications exploit vulnerabilities in your browser or operating system to gain access to your information.  Stay safe by keeping your browser up-to-date and installing operating system updates when they are released.