The Storm worm once again fills our heads with false info

Jul 29, 2008 13:36 GMT  ·  By

According to Sophos, a company that specializes in endpoint security and control solutions, spam messages have started to circulate informing users (erroneously, of course) that the popular social networking site Facebook is being used by the FBI in an effort to track people down.

To get you hooked into opening the spam message, catchy subject lines have been used, such as "F.B.I. may strike Facebook; F.B.I. watching us; The FBI has a new way of tracking Facebook; Get Facebook's F.B.I. Files". At this point you should immediately delete the message, but if you are curious about the text it contains, here it is: "Your download will start shortly. If you are unable to read the article, save it in and run on your computer."

An unwary user will believe the spam's subject line and will undoubtedly want to see the news, except that the download will never commence. The user will then click on the link to "save it in", but instead of an .avi, an .mpeg or some other format, fbi_facebook.exe will be downloaded to the machine. The threat has been identified by Sophos as Mal/Dorf-O, a member of the Dorf family, and all Sophos security software solutions provide adequate protection against it.
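A mail-filter style check for the pattern described above, where a message promising an article links to an executable instead. This is an added example, not code from Sophos or the original article; the function name, the extension list and the sample message (with a placeholder host) are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Extensions that execute on Windows when opened (illustrative, not exhaustive).
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def executable_links(raw_message):
    """Return (subject, urls) for links whose path ends in an executable extension."""
    msg = message_from_string(raw_message)
    hits = []
    for part in msg.walk():
        # Only text/plain and text/html bodies carry clickable links.
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", errors="replace")
        for url in URL_RE.findall(text):
            # Check the URL path only, so a query string such as "?file=x.exe"
            # or a host name containing "exe" does not trigger a match.
            path = urlparse(url).path.lower()
            if path.endswith(EXECUTABLE_EXTS) and url not in hits:
                hits.append(url)
    return msg.get("Subject", ""), hits

# Constructed sample modelled on the lure quoted above; the host is a placeholder.
SAMPLE = """\
From: news@example.invalid
To: user@example.invalid
Subject: F.B.I. watching us
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your download will start shortly. If you are unable to read the article,
<a href="http://example.invalid/fbi_facebook.exe">save it in</a> and run on your computer.</p>
<p><a href="http://example.invalid/about.html">About</a></p>
</body></html>
"""

if __name__ == "__main__":
    subject, links = executable_links(SAMPLE)
    for link in links:
        print(f"suspicious: subject={subject!r} link={link}")
```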

"The malware and spam messages changed very little even though the topics and websites were updated regularly. The malware is proactively detected as Dorf-O and the spam messages are proactively detected by published antispam rules," says Sophos.

Three other Storm-related spam campaigns have been reported over the course of this month. The first was on the 4th of July, when it came as no surprise to anybody that Storm celebrated American Independence Day by trying to infect users. A few days later, Storm was once again trying to turn our machines into zombies by sending out spam which claimed the US army had invaded Iran. The most recent campaign played on people's fears that the worldwide financial situation is getting worse.