Facebook is undoubtedly the highest-profile social networking site around with more than 500 million active users, half of whom log in on any given day. It shouldn’t be a surprise therefore that its name is now being used for scams—even for things that don’t have anything to do with social networking.
Earlier this week, we received fake email messages that purportedly came from Facebook. These spammed messages, written in very bad English, warned users that their IP addresses were sending numerous spammed messages to different email addresses.
The spammed message also says that Facebook thoughtfully provided a freeware tool to stop the user from spamming others. Opening the tool, which the message calls FB IPsecure, shows:
Unsurprisingly, however, the tool is actually a malicious file. It is a ZeuS variant Trend Micro detects as TSPY_ZBOT.XXT. Given that malicious attachments are a favored way of spreading ZeuS variants, this isn’t really new. In terms of behavior, nothing separates this particular variant from others that are in the wild today.
Trend Micro products protect users by detecting the malicious file as well as by detecting and blocking this particular spammed message from landing in users’ inboxes. We also advise all users to be very careful about opening attachments from unknown people in general, as these are frequently malicious and may cause harm and infect their systems. In particular, messages that supposedly come from reputable sites like Facebook but contain plenty of grammatical and spelling mistakes should be treated as very suspicious.
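The advice above can be turned into a mail-triage check. The following is an added example, not Trend Micro's detection logic or code from the original post: it flags a message that claims to be from Facebook and carries an executable, directly or inside a ZIP. The sender allowlist, the extension list, the ZIP packaging and all sample addresses and file names are assumptions made for illustration.

```python
import email, io, zipfile
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

BRAND = "facebook"
BRAND_DOMAINS = ("facebook.com", "facebookmail.com")  # assumed allowlist
RISKY_EXT = (".exe", ".scr", ".pif", ".com")          # assumed extension list

def executables(name, data):
    """Names of executable content in an attachment, looking one level into ZIPs."""
    if data[:2] == b"MZ" or name.lower().endswith(RISKY_EXT):
        return [name]
    hits = []
    if data[:4] == b"PK\x03\x04":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                for m in z.namelist():
                    # Read only the magic bytes; never inflate the whole member.
                    if m.lower().endswith(RISKY_EXT) or z.open(m).read(2) == b"MZ":
                        hits.append(f"{name}!{m}")
        except (zipfile.BadZipFile, RuntimeError):  # corrupt or encrypted archive
            hits.append(f"{name}!<unreadable>")
    return hits

def triage(raw):
    msg = email.message_from_bytes(raw, policy=policy.default)
    display, addr = parseaddr(str(msg["From"] or ""))
    domain = addr.rpartition("@")[2].lower()
    claims = BRAND in (display + " " + str(msg["Subject"] or "")).lower()
    # From is forgeable, so a matching domain lowers suspicion but never clears it.
    domain_ok = any(domain == d or domain.endswith("." + d) for d in BRAND_DOMAINS)
    exes = []
    for part in msg.iter_attachments():
        exes += executables(part.get_filename() or "unnamed", part.get_payload(decode=True) or b"")
    verdict = "block" if claims and exes else "review" if exes or (claims and not domain_ok) else "pass"
    return {"claims_brand": claims, "domain_ok": domain_ok, "executables": exes, "verdict": verdict}

def sample(sender, attach_exe):
    """Constructed test message; the sender and file names are made up."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.org", "Your IP send spam"
    m.set_content("You IP address sending many spam. Use FB IPsecure tool for stop.")
    if attach_exe:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            z.writestr("FB_IPsecure.exe", b"MZ" + b"\x00" * 62)  # stub header, not real code
        m.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="FB_IPsecure.zip")
    return m.as_bytes()
```

A message with a forged `From` in an allowlisted domain is still blocked when it carries an executable, because the header alone proves nothing about the sender.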