Fake Facebook Cancelation E-mails Deliver Malware


Sophos' Graham Cluley is warning of e-mails that claim to confirm the cancelation of the recipient's Facebook account. "The social engineering being used by the tricksters behind this malware attack is pretty cunning," Cluley writes. "They know that people value their Facebook accounts highly, and many would be upset to lose access to them and the digital connections they have built up with friends and family. The hope of the cybercriminals is that victims will blindly agree to whatever the computer tells them to do, in order to 'fix' the account cancellation request.'"

"What makes this particular scam a little more dangerous than others is that the link goes to a Facebook.com address, which may encourage recipients to treat it as valid, although it actually takes them to a third-party application," writes AllFacebook's David Cohen. "That app tries to hound recipients into installing an unknown Java applet, persisting even after the 'no thanks' button is clicked. Those who continue receive a message that Adobe Flash must be updated. Of course, rather than a Flash update, files are added to users’ WIN32 folders, which enable remote spying and hacking."

"Identified by Sophos as Mal/SpyEye-B and Troj/Agent-WHZ, the pieces of malware are designed to allow the attackers to remotely gain control over the infected device and spy [on] the victim’s activities," writes Softpedia's Eduard Kovacs.

"Malware distributed through the recently-gone-public social media site is certainly nothing new," notes Kaspersky's Christopher Brook. "Hackers have used Facebook to exploit users via like-jacking, virus-tainted spam and countless other techniques that aim to wrestle users’ sensitive information away from them since the site’s inception."