Security software companies are advising consumers not to open zipped e-mail attachments from Facebook as it contains malicious software.
Click to enlarge |
The e-mail from ‘Facebook’ has “Facebook Password Reset Confirmation NR.xxxxx” as a subject and may contain the following text: “Hey, Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document. Thanks, The Facebook Team.” The email comes with a 48kb attachment.
According to BitDefender, instead of a new password, the zip file hides Trojan.Dropper.Oficla.G, a malware that contains malicious or potentially unwanted software which it ‘drops’ and installs on the system.
“Frequently, the dropper installs a backdoor which allows remote, covert access to the infected system. This backdoor may then be used by cybercriminals to upload and install additional malicious or potentially unwanted software on the system,” said BitDefender.
Bitdefender has also found that the distribution of the spam messages carrying this piece of malware started on the evening of March 17th, 2010.
In a post by David Marcus from McAfee, he said that this spam has reached as high as No. 6 on its Global Virus Map’s Top 10, which tracks consumer detections worldwide.
“It even accounts for as much as 10 per cent of the infected email that our managed email SaaS unit is seeing. From the looks of the spams themselves they may be associated with the Cutwail or Rustock botnets, but that analysis is still ongoing,” added David.
In order to stay safe, users are advised not to open attachments coming from unknown contacts and to install antimalware software.