Security Alert: Facebook Password Reset Confirmation Email Contains Virus

Yesterday a colleague of mine forwarded me an email that she had got in the name of another colleague. The title of the email was “Facebook Password Reset Confirmation”. The reply-to address was given as which was a little strange because whenever I get a mail from facebook, the domain is always I got suspicious and decided to investigate the issue.

Upon looking into the mail closely, there was an attachment named To this point I was sure that this was a virus or something. I uploaded the attachment to which is a service which scans the file through all major antivirus systems. You can see the results by going to the following link:

Warnings About New Hackers on Faceb...
Warnings About New Hackers on Facebook-Fiction!

Virus Total Results For Facebook Virus

You can see that most of the antivirus systems have identified the file as a trojan.

So what does this trojan do? Upon opening and running, it will call rogue anti spywares and will inject its own code in legitimate Windows processes like svchost.exe. And a lot of other things things to infect the system fully.

And how did it manage to send it from my friend’s facebook account? Most probably, your friend’s account has been compromised. Facebook is aware of the situation and advises to change the password of your facebook account immediately if it has been sent from your account or if it is from your friend’s account, ask them to change their passwords immediately and scan their computers with an up to date antivirus.

For further reading about this issue, please follow:

Facebook Security Advice


M86 Security

137 thoughts on “Security Alert: Facebook Password Reset Confirmation Email Contains Virus”

  1. Hi,
    Facebook me demande d’entrer un code de confirmation envoye sur mon portable francais mais je n’ai plus cette ligne telephonique. COMMENT DOIS JE FAIRE ?

  2. Good Day!
    Thanks for this post. It creates awareness for Facebook users.
    And I want to share also that this kind of email with attachment can also be a phishing. When someone, click on the link, it goes to some Facebook login page that will steal your username and password. So it is better to always login at as my advise.
    Hi! and I want to share to you the procedure I made on how to get the Facebook security code to reset your password.
    Please visit this link:

  3. I want to reset my Facebook password and am having GREAT difficulty doing so.
    Can your headquarters please call me by telephone: 305-661-1837.
    Thank you.
    patricia H. Clarke

Comments are closed.