14 DAY TRIAL // Security experts from Avast! have come across an interesting malware distribution spam campaign that exploits Facebook’s popularity.
It all starts with emails entitled “Hey <name> your Facebook account has been closed!” or “Hi <name> your Facebook account is blocked!”
The bogus Facebook emails instruct users to download and execute an attachment to unlock their accounts. Once the file is executed, the victim is presented with a message that reads: “Your Facebook connection is now secured! Thank you for your support!”
In the meantime, the malware steps into play.
What’s interesting about this particular threat is that its communications generate traffic to apparently legitimate websites. By using an algorithm that uses the value of the current time, a total of 32,768 domain names can be generated, each being a combination of dictionary words.
According to experts, this makes the malware more difficult to block.
A detailed technical analysis of this attack is available on Avast’s blog.