Facebook Password Reset Confirmation Email Scam Alert
March 20, 2010 | Filed under Security
Recently we have been receiving emails from The Facebook Team (email@example.com) or Your Facebook Team (firstname.lastname@example.org) a few times a day, which is getting a bit annoying. The message body looks like the one below, and the attachment is usually a ZIP file named Facebook_details_443.zip or Facebook_details_577.zip. The email claims that Facebook has reset your password and wants you to open the attached file.
Dear user of facebook,
Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.
An advanced computer user can tell that this is a scam because, first of all, no website would ever send you your password without you requesting it. Moreover, when you open the ZIP attachment, the file inside is an executable (EXE) file, which normally spells danger.
Although it is not a tricky scam email, many people will still fall for it since Facebook is the most visited website daily by people all around the world. Some less computer-literate users will think that it is real and end up running the malware. This malware is constantly being morphed: scanning the attachment that we've just received on VirusTotal shows that only 13 out of 40 antivirus products detected it as a threat.
When the executable attachment is run, it adds its own process to Winlogon startup and downloads a fid.exe file from a Russian website, which currently only 11 out of 40 antivirus products are able to detect as a threat. This spreading malware is made to steal passwords and to log your keystrokes. Be warned about this Facebook password reset confirmation email scam and delete the email immediately without opening it.