There is no stopping the abuse of social networking sites, nor the endless run of social engineering tactics in email campaigns, whether plain spam or malicious. Facebook seems to be a favourite for most attackers as it has a huge user base, and attackers are almost guaranteed to get their message propagated quickly.
Websense customers are proactively protected against these threats by the real-time protection in our Advanced Classification Engine (ACE).
This particular campaign is yet another rogue AV. Here a user is presented with an email message which suggests opening the attached zip file, in order to retrieve a newly-created password due to supposed changes made to the user's Facebook account.

The header details show the real source and origin of the email; the display name is its only relation to Facebook.

The zip file contains an icon for a PDF document, which is misleading as it is actually a Windows executable. When the user double-clicks this downloader, a rogue AV application is downloaded and launched which scares the user into thinking their machine is infected.
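The two tells described above (a Facebook display name on an unrelated sending address, and a zip whose "document" is really a Windows executable) can be checked mechanically at a mail gateway. The following is an added example, not code from the original post or from Websense; the brand allow-list, the sample message and its file names are constructed assumptions.

```python
import email, email.policy, io, zipfile
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed allow-list: domains a brand legitimately sends from.
BRAND_DOMAINS = {"facebook": ("facebook.com", "facebookmail.com")}

def display_name_mismatch(msg):
    """Return the brand claimed in the From display name if the address domain is not that brand's."""
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    for brand, domains in BRAND_DOMAINS.items():
        owned = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in name.lower() and not owned:
            return brand
    return None

def disguised_executables(msg):
    """Return names of zip members that begin with the PE 'MZ' magic, whatever their icon or extension."""
    hits = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                with zf.open(info) as fh:
                    if fh.read(2) == b"MZ":
                        hits.append(info.filename)
    return hits

def build_sample():
    """Constructed sample: Facebook display name, unrelated sender, zip holding an MZ stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # 64-byte stub with the MZ magic only; not a working program.
        zf.writestr("Facebook_password.pdf.exe", b"MZ" + b"\x00" * 62)
    msg = EmailMessage()
    msg["From"] = "Facebook Support <sender@mail.example>"
    msg["Subject"] = "Your new password"
    msg.set_content("See the attached file.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="password.zip")
    # Round-trip through bytes so the checks run on a parsed message, as a gateway would see it.
    return email.message_from_bytes(msg.as_bytes(), policy=email.policy.default)

if __name__ == "__main__":
    sample = build_sample()
    print(display_name_mismatch(sample), disguised_executables(sample))
```

Checking the first bytes of each archive member rather than its name is what catches the PDF-icon trick, since the icon and extension are chosen by the sender.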


As a result of being scared into thinking their computer might have been infected, the user is lured into going ahead with the rogue AV's instructions to disinfect the machine.

The installation carries out a series of scans with fake detections to make it more convincing to the user.

The next stage offers the user the opportunity to remove the threats that the rogue AV's fake scans claim to have detected.

When this is selected, the user is presented with an alert that the rogue AV is not registered, and that registering it requires the user's credit card details. This is where the phishing for information takes place.

Currently we have seen over 240,000 of these email messages through our Websense Hosted Email Security product, and according to VirusTotal about 65% of anti-virus products detect the file attachment.
Posted on 18 September 2010. Tags: Facebook, Fake, leads, password, Reset, rogue