Security researchers from M86 Security Labs have intercepted a spamvertised malware campaign using bogus Facebook notifications as a social engineering element.
Spamvertised through the Cutwail botnet, the malware campaign impersonates Facebook in an attempt to trick users into clicking on a bogus Facebook notification message. The HTML source of the email, however, reveals a link to a malicious iFrame leading to the BlackHole web malware exploitation kit. Once a user clicks on the link, the exploit kit checks for remotely exploitable client-side applications and browser plugins, and serves the malware.
Users are advised not to interact with suspicious emails or with spam emails in general.
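The mismatch described above, a Facebook-themed message whose HTML source links somewhere else, can be checked mechanically at a mail gateway or during triage. The following is an added example, not code from M86 Security Labs or from the original article; the brand allowlist, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the impersonated brand legitimately links to.
BRAND_DOMAINS = ("facebook.com", "fb.com", "facebookmail.com")

# Constructed sample message; the off-brand host is a reserved example name.
SAMPLE = """\
From: Facebook <notification@facebookmail.com>
Subject: You have 1 new notification
Content-Type: text/html; charset="utf-8"

<html><body><p>Hi, you have notifications pending.</p>
<a href="http://compromised-site.example/wp/index.html">View notifications</a>
<a href="https://www.facebook.com/help">Help Center</a>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collect href/src values from any tag that can navigate or load content."""
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.urls.append((tag, value))

def in_brand(host):
    """True when host is a brand domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def suspicious_links(raw):
    """Return (tag, url) pairs that leave the brand's domains in a brand-themed mail."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    if "facebook" not in (display + addr + msg.get("Subject", "")).lower():
        return []  # message does not claim to be from the brand
    found = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        charset = part.get_content_charset() or "utf-8"
        collector = LinkCollector()
        collector.feed(part.get_payload(decode=True).decode(charset, "replace"))
        for tag, url in collector.urls:
            parts = urlsplit(url)
            if parts.scheme in ("http", "https") and not in_brand(parts.hostname):
                found.append((tag, url))
    return found
```

A spoofed From header passes the brand test by design here, since the point is to catch mail that looks like Facebook while linking off Facebook's domains.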