Malware Watch: 'Spam is sent from your FaceBook account'; Spamvertised malicious photos

Summary: Malicious attackers are currently spamvertising two separate malware campaigns, enticing end users into downloading and executing malicious file attachments.

- Spam is sent from your FaceBook account

The first campaign is a variation of last week's campaign, "Spamvertised 'Facebook. Your password has been changed!' emails lead to malware", and once again impersonates Facebook in order to socially engineer end users.

Sample subject: Spam is sent from your FaceBook account

Sample message: Dear client, Spam is sent from your FaceBook account. Your password has been changed for safety. Information regarding your account and a new password is attached to the letter. Read this information thoroughly and change the password to complicated one. Please do not reply to this email, it's automatic mail notification! Thank you. FaceBook Service.

The malware is detected as Mal/BredoZp-B.

- I'm going to send you the Photos in

The second campaign relies on unsolicited photo notifications, using password-protected .zip archives (DSC0173519.zip) containing the DSC0173519.exe executable.
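A mail-gateway check for the attachment pattern described above, as an added example that is not from the original article: standard ZIP encryption protects member contents but not the file names in the archive's central directory, so an encrypted executable member can be flagged without knowing the password. The function names, the extension list and the constructed sample archive are assumptions.

```python
import io
import zipfile

# Extensions treated as directly executable on Windows (assumed, non-exhaustive list).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
ENCRYPTED_FLAG = 0x1  # bit 0 of the ZIP general-purpose flags: entry is encrypted


def inspect_zip_attachment(data: bytes) -> dict:
    """Summarise a ZIP attachment without needing its password."""
    findings = {"encrypted": [], "executables": [], "suspicious": False}
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        findings["error"] = "not a readable ZIP archive"
        return findings
    with archive:
        for info in archive.infolist():
            name = info.filename
            if info.flag_bits & ENCRYPTED_FLAG:
                findings["encrypted"].append(name)
            if any(name.lower().endswith(ext) for ext in EXECUTABLE_EXTS):
                findings["executables"].append(name)
    # An encrypted executable cannot be content-scanned at the gateway: quarantine it.
    findings["suspicious"] = bool(
        set(findings["encrypted"]) & set(findings["executables"])
    )
    return findings


def build_constructed_sample(member: str, encrypted: bool) -> bytes:
    """Build a harmless test archive; the member holds placeholder text, not a program."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder bytes, not an executable")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Set the encryption bit in the central directory record only, which is
        # what infolist() reads; the data itself stays plain in this sample.
        pos = raw.find(b"PK\x01\x02")
        raw[pos + 8] |= ENCRYPTED_FLAG
    return bytes(raw)


if __name__ == "__main__":
    sample = build_constructed_sample("DSC0173519.exe", encrypted=True)
    print(inspect_zip_attachment(sample))
```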

Not surprisingly, these campaigns and their related variations (Spamvertised Post Office Express Mail (USPS) emails lead to malware; Spamvertised DHL notifications lead to malware) are resulting in a growth in ZIP file attachments, which vendors attribute to the intensifying campaigning of the Bredolab gang.

Users are advised to avoid interacting with malicious file attachments or links found in spam emails in general.

Topics: Social Enterprise, Malware, Security

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.


Talkback

8 comments
  • RE: Malware Watch: 'Spam is sent from your FaceBook account'; Spamvertised malicious photos

    "which vendors contribute to the intensifying "

    Attribute to?
    dieseltaylor
  • got it

    thx
    hankhallmeyer
  • RE: Malware Watch: 'Spam is sent from your FaceBook account'; Spamvertised malicious photos

    I've seen things like this as well. The good thing is that I NEVER open them, and the funny thing is, that when you read this type of thing, all you have to do is look at the second rate English that is being used. That's gotta be the first RED FLAG for anyone. Spammers are quite well known for not being able to spell correctly and for using broken English. You'd think that the Facebook crowd would figure this out if they are savvy enough to be able to spell correctly and use proper English.
    jayngel.cat@...
  • RE: Malware Watch: 'Spam is sent from your FaceBook account'; Spamvertised malicious photos

    Pity we can't have a screening device that blocks all grammatically incorrect messages. Add on the ability to screen out bad spellers and Voila! no more idiot communications. Just think of how much internet traffic would be totally eliminated and how many of these annoying people would be effectively gagged by such a filter. Perhaps we could induce the public to write in full sentences once again and rescue the English language from being reduced to inane "acronym-speak".
    I live for the day when OMG and LOL and all their 3 letter relatives become passé.
    glopuntia