14 DAY TRIAL // Security researchers warn of a new wave of malicious emails that target Facebook users. The messages falsely claim that a fresh login system is being implemented, directs people to a phishing site and also attempts to infect them with malware.
This new spam campaign is interesting because it incorporates two different types of attacks into one. First, there is a phishing component, which attempts to trick Facebook users into exposing their login credentials. The lure used is the classic "system upgrade" one, in this case in the form of a new revamped login system.
"In an effort to make your online experience safer and more enjoyable, Facebook will be implementing a new login system that will affect all Facebook users. […] Before you are able to use the new login system, you will be required to update your account," the emails, coming from @facebookmail.com addresses, read.
Visiting the included link will take users to a fake Facebook login page, where their email address is already filled in and they have to input their passwords. Once someone falls victim to the phishing trick, they are redirected to yet another page that encourages them to download a malicious file.
The file is called updatetool.exe and is advertised as an official Facebook utility for upgrading accounts. In reality, this executable installs a new version of the Zeus banking trojan, detected by Trend Micro as TROJ_ZBOT.CDX.
This is a great example showing just how cunning cybercriminals can be just to steal precious information. They even claimed to offer recipients security, which is really ironic. […] Don’t be just another victim. Keep in mind that cybercriminals will do just about anything to fool those who let their guards down," Verna Sagum, fraud analyst at Trend, advises.
At the end of October, we reported on a different malware distribution campaign also targeting Facebook users. Those emails masqueraded as Facebook password reset notifications and came attached with an installer for the Bredolab trojan.
