I’ve identified a bogus Facebook notification entitled “Blocked account,” which is currently making the rounds in an attempt to spread a piece of scareware.
The emails warn recipients that their accounts have been blocked “due to suspicious activity.” In order to unblock them, users are urged to click on a link that apparently points to facebook.com.
In reality, the link takes victims to a website where they’re presented with a picture which tells them that Microsoft Security Essentials has identified a number of potential threats.
If the image is clicked, the user is served a file called “freescan_2013.exe.” When executed, an application called “Win 7 Anti-Spyware 2011 Firewall” – which appears to scan the system for malware and other threats – is launched.
As with all pieces of scareware, the victim is informed that several threats have been found and they’re urged to activate the Win 7 Anti-Spyware 2011 application in order to get rid of them.
While such pieces of scareware that spread via fake Facebook notifications are not uncommon, this particular one, Freescan_2013.exe, is currently detected only by a handful of antivirus products.
Comprehensive security solutions are capable of blocking the threat from communicating with its command and control server, but they’re not able to remove it completely until its signature is added.
I advise users to be on the lookout for such fake Facebook notifications. You might be tricked into clicking on the link, but once you see that you’re not on Facebook.com and you’re being served a so-called security solution, be sure to close the site immediately and refrain from downloading anything.
Check out the image gallery to see what this malicious application looks like.