Security Alert: Facebook Password Reset Confirmation Email Contains Virus
Yesterday a colleague of mine forwarded me an email that she had got in the name of another colleague. The title of the email was “Facebook Password Reset Confirmation”. The reply-to address was given as service@facebook.com which was a little strange because whenever I get a mail from facebook, the domain is always facebookmail.com. I got suspicious and decided to investigate the issue.
Upon looking into the mail closely, there was an attachment named Facebook_Password_3eb0e.zip. To this point I was sure that this was a virus or something. I uploaded the attachment to virustotal.com which is a service which scans the file through all major antivirus systems. You can see the results by going to the following link:
Virus Total Results For Facebook Virus
You can see that most of the antivirus systems have identified the Facebook_Password_3eb0e.zip file as a trojan.
So what does this trojan do? Upon opening and running Facebook_Password_3eb0e.zip, it will call rogue anti spywares and will inject its own code in legitimate Windows processes like svchost.exe. And a lot of other things things to infect the system fully.
And how did it manage to send it from my friend’s facebook account? Most probably, your friend’s account has been compromised. Facebook is aware of the situation and advises to change the password of your facebook account immediately if it has been sent from your account or if it is from your friend’s account, ask them to change their passwords immediately and scan their computers with an up to date antivirus.
For further reading about this issue, please follow:
"facebook security code", cache:npia9rprsduj:www.technize.com/2009/10/30/security-alert-facebook-password-reset-confirmation-email-contains-virus/ confirmation code for facebook, confirmation code facebook, confirmation reset code, confirmation@facebook.com, email confirmation facebook, facebook confirm email, facebook email confirmation, facebook email virus, facebook password email, facebook password reset, facebook password reset confirmation code, facebook password.zip, facebook reset code, facebook reset confirmation code, facebook reset page, facebook security alert, facebook security alert email, facebook security code email, facebook security code not working, facebook security codes, facebook virus, facebook will not accept security code, facebook.com/confirmemail, facebookresetpage, facebook_password.zip, faicebook.com, http://www.facebook.com/confirmemail.php, http://www.facebook.com/help.php?page=420, kode reset facebook, pushdo, reset facebook account, security code facebook, tot, trojan, virus, web archive org http facebook confirmemail, why should websites have confirmation email for password change, www.facebook password confirmation reset code.com, www.facebook.com/confirmation, www.facebook.com/confirmemail, www.facebook.com/confirmemail.php?, www.facebook.com/resetpage, www.facebookconfirmemail.com
Yeah pretty much anybody you don’t know that sends you a zip file you can be sure it’s some form of malware. I’ve gotten them from “UPS”, “My Boss”(I am self employed and certain I didn’t send it), “Ebay”, etc. I never bother with identifying them unless I’m checking out new security software on my test box.
@Squirly
Exactly. But if the mails apparantly seems to come from a reliable source like facebook, people tend to trust it and open the attachment. That’s where this trojan’s success starts.
I would argue that facebook is definetly NOT a reliable source.
@Squirly
Definitely not for us. I even don’t trust big domains like dell, ibm, microsoft etc but it surely is a reliable source for those who frequent to facebook. It’s like when you’re getting a lot of emails from the same domain, your brain tends to trust that source and that’s what happens when social networking sites most of the time that they are used as a camuflague for new viruses and malware.
I think they are fishing.. I have a facebook account but recived this same email on my work email. a totally diffrent and not even close to my facebook account. So that would lead me to think that they are just mass-emailing to see who will bite.
It is always a best pratrace to always be wary of any email attachment. I don’t care who it is from. If you are not expecting one. then alway scan it.
@dewm
also when in you are not sure most sites have a spoof check that you can forward the email to and they will tell you if it is from them or not.
ie…
spoof@ebay.com if you recive somthing about you ebay account and you think it is fake forward it to them and they will tell you.
I also found this on facebook Security page
http://www.facebook.com/help.php?page=420
Fake password reset emails
Some users have received fake password reset emails with attachments that contain viruses. Do not click on these emails or download the attachment. Also, please note that Facebook will never send you a new password as an attachment. To learn more visit our Security page: facebook.com/security
http://www.facebook.com/security
thank you for having such a great blog
hi please help me how to open my facebook but i forgot my password
i don’t know the confirmtion code
pllllllllllllllllllizzzzzzzzz
I cannot access to my account Need security code to help re-store my faccebook
I want a Subscription Code No. For Norton Internet Security.
my email is http://www.shawnaton@yahoo.com and my password is andra01
i cannot confirm my facebook please resent my confirmation code to confirm my facebook
i want my password on facebook
1883541602
1908906824
i forget my password what i do