Facebook Users Hit With Malware through Spoofed Email Messages Again

It seems like Facebook is a primary target for hackers and spammers sending spoofed email messages that spread malware. Lately malware has stricken Facebook through spoofed email messages that claim to offer a video, via a link, of a dancing woman/girl. Some of the infamous headlines of these spoofed Facebook email messages are "super beautiful girl dancing" and "dancing girl drunk in the pub".

These messages are sent to Facebook users where it may draw the curiosity of many and inclined to click on a link to view the video. If the user clicks on the link then the famous phishing tactic takes over where it promotes the user to update or download a new Adobe Flash Player. The file that is downloaded is identified as "Adobe_Player11.exe" which is an executable that infects the user with a malicious file. The malicious file is believed to allow a remote attacker to access the infected computer.

This reminds us of the infamous "fake video codec" infection method where many Trojans may use this process to install rogue anti-spyware programs. Simply put, a video codec download is promoted to be performed in order for a computer user to watch or access a particular video offered through a malicious link. Little does the computer user know that my downloading the video codec they will have infected their computer with malware instead of being able to watch a video.

Figure 1. Demonstrates what the spoofed Facebook message that contains links to malware looks like. (source: securitylabs.websense.com)

While many security researchers are very familiar with this tactic it continues to plaque many computer users around the world in the way that it infects them with malware. The recently reported spoofed Facebook email messages with the subject of a dancing girl is only another notch in the belt of these hackers who create such messages and malware parasites.

All computer users should be aware of this situation and never download an Adobe Flash Player through any source other than the Adobe.com website. If you are ever uncertain of a Flash Player Update it may be best to cancel the operation and navigate to http://www.adobe.com and download the update.

Have you ever been prompted to download an Adobe Flash Player or Adobe Flash Player update through a website other than Adobe.com? Was it found to be malware when you downloaded it?