The next time you hit a link in an email seemingly from Facebook, spare a moment to read it. A malware has been reportedly targeting Facebook users by asking them to click a link in an email to view their photo on Facebook. Once someone has clicked on the link, it takes the victim to malware-ridden pages. SophosLabs recently managed to detect what it refers to as “a spammed-out email campaign” that had been initiated to infect computers of the recipients of such emails. On the face of it, the email looks like one from Facebook. It is only upon closer inspection that the bluff gives away.
See what's wrong?
Look carefully at the e-mail image above. While it may look like an absolutely harmless piece of information asking you to click on the link; closer inspection would reveal that the 'from' address misspells Facebook as Faceboook. If you do not spot the anomaly and click on the link, you will not be directed to a website with malicious iFrame script. Sophos reveals the script “takes advantage of the Blackhole exploit kit, and puts your computer at risk of infection by malware”.
To keep the user in the dark further, the browser redirects within four seconds to the Facebook page of any other innocent user via a Meta redirect. SophosLabs have added detection of the malware as Troj/JSRedir-HW. At the moment, SophosLabs is still investigating on the malware, and will reveal details as soon as they're known. However, users are being urged to be more cautious when online.
Yesterday, reports about yet another malware had surfaced. Here, Sophos had pointed out that a malware attack had taken place and it was in an email in French attached with intimate photos that appear as if sent from Facebook. Here, miscreants tried to play havoc by alluring netizens to click on such photos, and have even been successful in getting people to click on them. Such instances are not new and in the past inboxes have been spammed with topless supermodel photos to spread Mac malware, or photos of an English football star caught in the act with a prostitute.
At the moment though, caution seems to be the only solution. In this latest instance, SophosLabs added that even if a user missed spotting the extra 'o' in Faceboook, he could have smelt rat by hovering their mouse over the link. With the malware, ranging in intensity finding ways to seep into systems, users need to be more cautious, lest their precious security is compromised by miscreants.