'Hey User Your Facebook Account Has Been Closed!' Bogus Message Leads to Encrypted Malware

Posted: June 20, 2013

The recent rash of Facebook hoaxes, scams and malicious links has gone into overdrive, as the latest scheme displays a fake notification that leads to a nasty cocktail of encrypted malware infecting your system.

Among the ever-growing number of scams circulating on the billion-plus user Facebook social network is one that arrives as a Facebook message stating 'Hey [user] Your Facebook Account Has Been Closed!' This particular message is misleading, as you would guess, but some victimized Facebook users have taken the notification at face value.

Through this 'Hey [user] Your Facebook Account Has Been Closed!' message, users are instructed to download and execute an attachment to supposedly unlock their Facebook account. Little do they know, the file is a cocktail of encrypted malware that generates traffic to what appear to be legitimate websites.

To add insult to injury, the bogus Facebook message's malware file will later load a message stating 'Your Facebook connection is now secured! Thank you for your support!' as shown in Figure 1 below. This message is more of a filler to signify that the user successfully followed the instructions in the initial Facebook message; no account was actually unlocked or secured.

Figure 1. Bogus 'Your Facebook connection is now secured! Thank you for your support!' message after infection - Source: blog.avast.com

The malware, which at first appeared to be a common threat that creates web traffic to generate money for hackers, has a much more complex structure. Under the hood of the malware cocktail that infects systems through the Facebook scam message, you will discover complex coding structures. This coding is encrypted data that may trigger actions such as loading entries into your Windows registry, among other mischievous actions.

It is in any computer user's best interest to promptly identify this threat resulting from the bogus Facebook message and utilize antispyware software to remove it.
