Security Alert: Facebook Password Reset Confirmation Email Contains Virus

Yesterday a colleague of mine forwarded me an email that she had received in the name of another colleague. The title of the email was “Facebook Password Reset Confirmation”. The reply-to address was given as service@facebook.com, which was a little strange because whenever I get mail from Facebook, the domain is always facebookmail.com. I got suspicious and decided to investigate the issue.

Upon looking into the mail closely, I found an attachment named Facebook_Password_3eb0e.zip. At this point I was sure that this was a virus or something. I uploaded the attachment to virustotal.com, a service that scans a file with all major antivirus systems. You can see the results by going to the following link:

Virus Total Results For Facebook Virus

You can see that most of the antivirus systems have identified the Facebook_Password_3eb0e.zip file as a trojan.

So what does this trojan do? Upon opening and running Facebook_Password_3eb0e.zip, it will call rogue anti-spyware programs and inject its own code into legitimate Windows processes like svchost.exe, along with a lot of other things to infect the system fully.

And how did it manage to send it from my friend’s Facebook account? Most probably, your friend’s account has been compromised. Facebook is aware of the situation and advises you to change your Facebook password immediately if the email was sent from your account. If it came from your friend’s account, ask them to change their password immediately and scan their computer with an up-to-date antivirus.
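The signals this post relied on (a sender domain other than facebookmail.com, a password-reset notice carrying a zip, and something runnable inside that zip) can be checked mechanically. The following Python is an added example, not code from the original post; the expected-domain set reflects the author's own observation about genuine Facebook mail, and the sample message with its `placeholder.exe` member is constructed.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption taken from the post: genuine Facebook mail arrives from facebookmail.com.
EXPECTED_DOMAINS = {"facebookmail.com"}
ARCHIVE_EXTS = (".zip", ".rar", ".7z")
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".js", ".vbs")

def build_sample() -> bytes:
    """Constructed sample modelled on the mail in the post (harmless payload)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("placeholder.exe", b"placeholder bytes, not a real program")
    msg = EmailMessage()
    msg["From"] = "Facebook <service@facebook.com>"
    msg["Reply-To"] = "service@facebook.com"
    msg["Subject"] = "Facebook Password Reset Confirmation"
    msg.set_content("Your password has been changed. See the attached document.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Facebook_Password_3eb0e.zip")
    return msg.as_bytes()

def triage(raw: bytes) -> list[str]:
    """Return the reasons a message claiming to be from Facebook looks suspicious."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for header in ("From", "Reply-To"):
        display, addr = parseaddr(str(msg.get(header, "")))
        domain = addr.rpartition("@")[2].lower()
        claims_fb = "facebook" in (display + addr).lower()
        if addr and claims_fb and domain not in EXPECTED_DOMAINS:
            findings.append(f"{header} domain {domain} is not an expected sender domain")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(ARCHIVE_EXTS):
            findings.append(f"archive attachment: {name}")
        if name.lower().endswith(".zip"):
            try:
                data = io.BytesIO(part.get_payload(decode=True))
                members = zipfile.ZipFile(data).namelist()
            except zipfile.BadZipFile:
                members = []
                findings.append(f"{name} is not a readable zip")
            findings += [f"executable inside {name}: {m}" for m in members
                         if m.lower().endswith(EXECUTABLE_EXTS)]
    return findings
```

Header domains can be forged, so an empty result does not show that a message is genuine; the check only surfaces the mismatches described above.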

For further reading about this issue, please follow:

Facebook Security Advice

CNET News

M86 Security

137 thoughts on “Security Alert: Facebook Password Reset Confirmation Email Contains Virus”

  1. Squirly

    Yeah pretty much anybody you don’t know that sends you a zip file you can be sure it’s some form of malware. I’ve gotten them from “UPS”, “My Boss”(I am self employed and certain I didn’t send it), “Ebay”, etc. I never bother with identifying them unless I’m checking out new security software on my test box. 🙂

  2. Sanix Post author

    @Squirly
    Exactly. But if the mails apparently seem to come from a reliable source like facebook, people tend to trust it and open the attachment. That’s where this trojan’s success starts.

  3. Sanix Post author

    @Squirly
    Definitely not for us. I even don’t trust big domains like dell, ibm, microsoft etc but it surely is a reliable source for those who frequent facebook. It’s like when you’re getting a lot of emails from the same domain, your brain tends to trust that source and that’s what happens with social networking sites: most of the time they are used as a camouflage for new viruses and malware.

  4. dewm

    I think they are fishing.. I have a facebook account but received this same email on my work email, a totally different one and not even close to my facebook account. So that would lead me to think that they are just mass-emailing to see who will bite.

    It is always a best practice to be wary of any email attachment. I don’t care who it is from. If you are not expecting one, then always scan it.

  5. dewm

    @dewm
    Also, when you are not sure, most sites have a spoof check that you can forward the email to and they will tell you if it is from them or not.
    ie…
    spoof@ebay.com: if you receive something about your ebay account and you think it is fake, forward it to them and they will tell you.

    I also found this on facebook Security page
    http://www.facebook.com/help.php?page=420

    Fake password reset emails
    Some users have received fake password reset emails with attachments that contain viruses. Do not click on these emails or download the attachment. Also, please note that Facebook will never send you a new password as an attachment. To learn more visit our Security page: facebook.com/security
    http://www.facebook.com/security

  6. Facebook User

    I got a fake email / scam with a zip file to reset the facebook password.
    According to the IP it was sent from:

    Location: TORONTO, ON, CANADA, Yonge University
    IP: 76.10.173.28
    Email to bounce back: steepingj221@apositivemove.com

    Dear user of facebook,

    Because of the measures taken to provide safety to our clients, your password has been changed.
    You can find your new password in attached document.

    Thanks,
    Your Facebook

  7. candi

    i forgot my password and i dont know how to access the confirmation code, can u detail how to?

  8. Maxwell

    Please, my problem is that I find it very difficult to log in to facebook, can somebody help me out please.

    1. Sanix Post author

      Maxwell, if you are using Firefox then you can let Firefox remember your facebook username and password so that you don’t have to type in your login details every time you log in to Facebook.

  9. luz irizarry

    HY OLL TIME I HAVE TO CHAGE MY PASSPORP AND WHEN I DO OLL THIS SHEPT IS NO GOOD I DON’T WHAT TO DO MORE ROR MANTEING MY PASSPORT PLEASE I NEED HELP .FOR THAT Y CAN’T FIND MY IRIZARRY’SCAFE ANS MY FARM VILLE I HOPE YOURHELP ME TO FIND EVERYTHING THAANK TO MUCH LUZ IRIZARRY

  10. sue muse wills

    please HELP, reset password never lets me do it, over and over again… I need my password asap

  11. Agus sutikno

    Bel, why don't I dare to mess around? Because I'm an ordinary human being who feels pain, sadness, etc. and can also die, you know

  12. Sherene Frazer

    I’m having a problem resetting my password and creating a new one. I received confirmation in my e-mail. Please help???

  13. Mildred-Jerry Malone

    My facebook problem log in again
    Password number smiley
    Confirmation code
    140262991
    Sms number 32665

    Grrrr I am tired of my facebook problemlog in again why? From Deaf Mildred-Jerry Malone

  15. sani mohammed

    pls i try to open my face book, for several time but i can’t open it. I dont u why…

  16. Patricia De La Combe

    I am having trouble signing in to face book for about two weeks now. This something. I have never had anything this to happen before. I have done everything that you told me to do. Please help me.

  17. cheryl lee

    Please help me reset my password, I’ve tried couple of time now I need your assistance. thank you in advance.

  18. Jose Gabriel A. LLamzon

    please sent me my password reset code, because i cannot open my fb account……..

  19. Sirabuluri Peter Mamza

    hope i can acces my facebook now that i have changed my e-mail address

  20. Ibiloye Bolade

    I deactivated my account with my email but i have changed my email address and a confirmation has been sent there please help me out!!!

  21. angel zuniah carrota

    i lost my phone and my reset password is being sent to my phone, i want it to be sent to my email

  22. adlene das

    pls start facebook in my phone and confirmation code place. how do i find confirmation code

  23. Manara

    Hi,

    Facebook asks me to enter a confirmation code sent to my French mobile phone, but I no longer have that phone line. WHAT SHOULD I DO?

  24. Bong

    Good Day!
    Thanks for this post. It creates awareness for Facebook users.
    And I want to share also that this kind of email with attachment can also be a phishing. When someone clicks on the link, it goes to some Facebook login page that will steal your username and password. So it is better to always login at http://www.facebook.com as my advice.
    Hi! and I want to share to you the procedure I made on how to get the Facebook security code to reset your password.
    Please visit this link:
    http://facebookerrors.blogspot.com/2011/12/how-to-get-facebook-security-code.html