Security Alert: Facebook Password Reset Confirmation Email Contains Virus

Yesterday a colleague of mine forwarded me an email that she had got in the name of another colleague. The title of the email was “Facebook Password Reset Confirmation”. The reply-to address was given as service@facebook.com which was a little strange because whenever I get a mail from facebook, the domain is always facebookmail.com. I got suspicious and decided to investigate the issue.

Upon looking into the mail closely, there was an attachment named Facebook_Password_3eb0e.zip. To this point I was sure that this was a virus or something. I uploaded the attachment to virustotal.com which is a service which scans the file through all major antivirus systems. You can see the results by going to the following link:

Virus Total Results For Facebook Virus

You can see that most of the antivirus systems have identified the Facebook_Password_3eb0e.zip file as a trojan.

So what does this trojan do? Upon opening and running Facebook_Password_3eb0e.zip, it will call rogue anti spywares and will inject its own code in legitimate Windows processes like svchost.exe. And a lot of other things things to infect the system fully.

And how did it manage to send it from my friend’s facebook account? Most probably, your friend’s account has been compromised. Facebook is aware of the situation and advises to change the password of your facebook account immediately if it has been sent from your account or if it is from your friend’s account, ask them to change their passwords immediately and scan their computers with an up to date antivirus.

For further reading about this issue, please follow:

Facebook Security Advice

CNET News

M86 Security

«
«

137 responses to “Security Alert: Facebook Password Reset Confirmation Email Contains Virus”

  1. pls start facebook in my phone and conformation code place. how do i find conformation code

  2. Hi,
    Facebook me demande d’entrer un code de confirmation envoye sur mon portable francais mais je n’ai plus cette ligne telephonique. COMMENT DOIS JE FAIRE ?

  3. Good Day!
    Thanks for this post. It creates awareness for Facebook users.
    And I want to share also that this kind of email with attachment can also be a phishing. When someone, click on the link, it goes to some Facebook login page that will steal your username and password. So it is better to always login at http://www.facebook.com as my advise.
    Hi! and I want to share to you the procedure I made on how to get the Facebook security code to reset your password.
    Please visit this link:
    http://facebookerrors.blogspot.com/2011/12/how-to-get-facebook-security-code.html

  4. I want to reset my Facebook password and am having GREAT difficulty doing so.
    Can your headquarters please call me by telephone: 305-661-1837.
    Thank you.
    patricia H. Clarke