Yesterday a colleague of mine forwarded me an email that she had got in the name of another colleague. The title of the email was “Facebook Password Reset Confirmation”. The reply-to address was given as service@facebook.com, which was a little strange because whenever I get a mail from Facebook, the domain is always facebookmail.com. I got suspicious and decided to investigate the issue.
Upon looking into the mail closely, there was an attachment named Facebook_Password_3eb0e.zip. At this point I was sure that this was a virus or something. I uploaded the attachment to virustotal.com, a service that scans the file with all major antivirus systems. You can see the results by going to the following link:
Virus Total Results For Facebook Virus
You can see that most of the antivirus systems have identified the Facebook_Password_3eb0e.zip file as a trojan.
So what does this trojan do? Upon opening and running Facebook_Password_3eb0e.zip, it calls rogue anti-spyware programs and injects its own code into legitimate Windows processes like svchost.exe, along with a lot of other things to infect the system fully.
And how did it manage to send it from my friend’s Facebook account? Most probably, your friend’s account has been compromised. Facebook is aware of the situation and advises you to change the password of your Facebook account immediately if the mail was sent from your account; if it is from your friend’s account, ask them to change their password immediately and scan their computer with an up-to-date antivirus.
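The two signals that gave this mail away (a sender domain other than the usual one, and an attachment on a password-themed message) can be checked mechanically. The following is an added example, not code from the original post; the sample message is constructed from the details above, and the allow-list holds only the domain the author reports seeing on genuine Facebook mail, which is an assumption to adjust for your own mail flow.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the only domain the author sees on genuine Facebook mail.
EXPECTED_DOMAINS = {"facebookmail.com"}
RISKY_EXTS = (".zip", ".rar", ".7z", ".exe", ".scr")

# Constructed sample modelled on the message described in the post.
SAMPLE = """\
From: Facebook <service@facebook.com>
Reply-To: service@facebook.com
Subject: Facebook Password Reset Confirmation
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

You can find your new password in attached document.
--b1
Content-Disposition: attachment; filename="Facebook_Password_3eb0e.zip"

placeholder bytes, not a real archive
--b1--
"""

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def triage(raw):
    """Return a list of human-readable findings for one raw message."""
    msg = message_from_string(raw)
    findings = []
    for header in ("From", "Reply-To"):
        dom = domain_of(msg.get(header))
        if dom and dom not in EXPECTED_DOMAINS:
            findings.append(f"{header} domain {dom!r} not in expected set")
    # walk() visits every MIME part; only attachments carry a filename.
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    for name in names:
        if name.lower().endswith(RISKY_EXTS):
            findings.append(f"archive or executable attachment: {name}")
    if names and "password" in msg.get("Subject", "").lower():
        findings.append("password-themed mail carrying an attachment")
    return findings
```
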
For further reading about this issue, please follow:
Comments
137 responses to “Security Alert: Facebook Password Reset Confirmation Email Contains Virus”
Yeah pretty much anybody you don’t know that sends you a zip file you can be sure it’s some form of malware. I’ve gotten them from “UPS”, “My Boss”(I am self employed and certain I didn’t send it), “Ebay”, etc. I never bother with identifying them unless I’m checking out new security software on my test box. 🙂
@Squirly: +251913084855 facebook password
@Squirly
Exactly. But if the mails apparently seem to come from a reliable source like facebook, people tend to trust it and open the attachment. That’s where this trojan’s success starts.
I would argue that facebook is definitely NOT a reliable source. 😉
@Squirly
Definitely not for us. I don’t even trust big domains like dell, ibm, microsoft etc but it surely is a reliable source for those who frequent facebook. It’s like when you’re getting a lot of emails from the same domain, your brain tends to trust that source and that’s what happens when social networking sites most of the time that they are used as a camouflage for new viruses and malware.
I think they are fishing.. I have a facebook account but received this same email on my work email, a totally different one and not even close to my facebook account. So that would lead me to think that they are just mass-emailing to see who will bite.
It is always a best practice to always be wary of any email attachment. I don’t care who it is from. If you are not expecting one, then always scan it.
@dewm
also when you are not sure, most sites have a spoof check that you can forward the email to and they will tell you if it is from them or not.
ie…
spoof@ebay.com if you receive something about your ebay account and you think it is fake forward it to them and they will tell you.
I also found this on facebook Security page
http://www.facebook.com/help.php?page=420
Fake password reset emails
Some users have received fake password reset emails with attachments that contain viruses. Do not click on these emails or download the attachment. Also, please note that Facebook will never send you a new password as an attachment. To learn more visit our Security page: facebook.com/security
http://www.facebook.com/security
thank you for having such a great blog
hi please help me how to open my facebook but i forgot my password
i don’t know the confirmation code
pllllllllllllllllllizzzzzzzzz
I cannot access my account. Need security code to help restore my facebook
I want a Subscription Code No. For Norton Internet Security.
my email is http://www.shawnaton@yahoo.com and my password is andra01
i cannot confirm my facebook please resend my confirmation code to confirm my facebook
i want my password on facebook
i forgot my password what do i do
I got a fake email / scam with a zip file to reset the facebook password.
According to the IP it was sent from:
Location: TORONTO, ON, CANADA, Yonge University
IP: 76.10.173.28
Email to bounce back: steepingj221@apositivemove.com
Dear user of facebook,
Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.
Thanks,
Your Facebook
i forgot my password and i dont know how to access the confirmation code, can u detail how to?
can u send me the confirmation code to confirm my facebook asap
Please, my problem is that, i find it very difficult to log in to facebook, can somebody help me out please.
Maxwell if you are using Firefox then you can let Firefox remember your facebook username and password so that you don’t have to type in your login details every time you login to Facebook.
What are you thinking about…?
please help me to log in facebook,
I need to confirm my facebook account asap
forgot security code i need to confirm it
help me with security code in facebook
is this crap.just send my changes.I dont want to buy anything
HY OLL TIME I HAVE TO CHAGE MY PASSPORP AND WHEN I DO OLL THIS SHEPT IS NO GOOD I DON’T WHAT TO DO MORE ROR MANTEING MY PASSPORT PLEASE I NEED HELP .FOR THAT Y CAN’T FIND MY IRIZARRY’SCAFE ANS MY FARM VILLE I HOPE YOURHELP ME TO FIND EVERYTHING THAANK TO MUCH LUZ IRIZARRY
plzzzzzzzz unblock my id i request u
i need my facebook confirmation code!!!pls…!!
i want my facebook confirmation code
This was what I needed to know. I love this kind of inside money info.
sport
sorry, that was a mistake
sorry i made trouble
forgot my security code
i forgot my password on facebook 🙁
help me to get confirmation code so that i can open my account on facebook…pls!!!
I am now with verizon.net instead of netzero.com
now with verizon.net instead of . I am now
nice work .
who took my fb…..
i got the code bt it dnt want 2 be reset.. i really missed facebook. bt i cant log in
i cannot confirm my facebook resend my confirmation code to confirm my facebook
subash
i forgot my facebook login password and i need a new one
i can not login i need new one
please HELP,,reset password never lets me do it,over and over again…I need my password asap
i can’t see my facebook page. how can i remove the facebook confirm email page?????????
i can see my facebook page how can i remove the facebook confirm page
Friends, being human is hard, we humans must be grateful, okay