Malicious attackers are currently spamvertising two separate malware campaigns, enticing end users into downloading and executing malicious file attachments.
- Spam is sent from your FaceBook account
The first campaign is a variation of last week's "Spamvertised 'Facebook. Your password has been changed!' emails lead to malware" campaign, and once again impersonates Facebook in an attempt to socially engineer end users.
Sample subject: Spam is sent from your FaceBook account
Sample message: Dear client, Spam is sent from your FaceBook account. Your password has been changed for safety. Information regarding your account and a new password is attached to the letter. Read this information thoroughly and change the password to complicated one. Please do not reply to this email, it's automatic mail notification! Thank you. FaceBook Service.
The malware is detected as Mal/BredoZp-B.
- I'm going to send you the Photos in
The second campaign relies on an out-of-the-blue photos notification, using password-protected .zip archives (DSC0173519.zip) containing the DSC0173519.exe executable.
Not surprisingly, these campaigns and their related variations ("Spamvertised Post Office Express Mail (USPS) emails lead to malware"; "Spamvertised DHL notifications lead to malware") are resulting in increased growth in ZIP file attachments, which vendors attribute to the intensifying campaigning of the Bredolab gang.
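A mail-gateway check for the second campaign's attachment pattern, as an added example that is not from the original post: traditional ZIP encryption leaves entry names readable in the central directory, so a filter can flag a password-protected archive holding an executable without knowing the password. The extension list and function names are assumptions, and the sample archive is constructed in memory.

```python
import io
import struct
import zipfile

# Extensions treated as directly executable on Windows (assumed policy list).
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com")


def flag_attachment(data: bytes) -> list[str]:
    """Return the reasons a ZIP attachment matches the lure pattern."""
    reasons = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a readable ZIP archive"]
    with zf:
        for info in zf.infolist():
            # Bit 0 of the general-purpose flags marks an encrypted entry.
            encrypted = bool(info.flag_bits & 0x1)
            if info.filename.lower().endswith(EXECUTABLE_EXTS):
                kind = "encrypted executable" if encrypted else "executable"
                reasons.append(f"{kind}: {info.filename}")
    return reasons


def constructed_sample(name: str, encrypted: bool) -> bytes:
    """Build a harmless in-memory ZIP; optionally mark its entry encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, b"placeholder bytes, not a real program")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Central directory header starts with PK\x01\x02; flags sit at offset 8.
        cd = raw.rfind(b"PK\x01\x02")
        (flags,) = struct.unpack_from("<H", raw, cd + 8)
        struct.pack_into("<H", raw, cd + 8, flags | 0x1)
    return bytes(raw)


if __name__ == "__main__":
    print(flag_attachment(constructed_sample("DSC0173519.exe", True)))
```
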
Users are advised to avoid interacting with malicious file attachments or links found in spam emails in general.