A new wave of malicious emails has been tormenting Facebook users of late. The messages claim that a new login system is being implemented and direct users to a phishing site that can also infect them with malware.
The new Facebook spam campaign combines two different types of attack in one. First, the phishing component tries to trick Facebook users into exposing their login credentials. The lure is a classic "system upgrade", in this case a revamped login system for Facebook. Second, victims are pushed to download and run a malicious file.
The emails, observed coming from @facebookmail.com addresses, read as follows:
"In an effort to make your online experience safer and more enjoyable, Facebook will be implementing a new login system that will affect all Facebook users... Before you are able to use the new login system, you will be required to update your account."
The link takes users to a fake Facebook login page, where their email address is already filled in, and asks for their password. Users who fall for the phishing trick are redirected to another page that encourages them to download a malicious file. Once that file is executed, the user's system is infected with malware.
The file is called updatetool.exe and is advertised as an official Facebook utility for upgrading accounts. This executable installs a new version of the Zeus banking trojan, known as TROJ_ZBOT.CDX (Trend Micro).
Cunning cybercriminals even go so far as to offer recipients security services. All users of Facebook and other social networks should be aware of these misleading spam messages and avoid downloading attachments at all costs.
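For mail administrators, the traits described above (a @facebookmail.com sender, a link that leaves Facebook, the recipient's address carried in the link so the form arrives pre-filled, and the "new login system" lure) can be turned into a simple triage check. This is an added example, not code from the original article; the function name, the trusted-domain list, and the sample messages (including the `login-update.example` host) are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit, unquote

TRUSTED = ("facebook.com", "facebookmail.com")  # assumption: domains treated as genuine

def _host_trusted(host):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def triage(raw):
    """Return (indicator, detail) findings for one raw RFC 822 message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    body = "".join(
        part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
        for part in msg.walk() if part.get_content_maintype() == "text"
    )
    findings = []
    claims_fb = sender.endswith("@facebookmail.com")
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlsplit(url).hostname
        # Mail claiming to be from Facebook should not link to an unrelated host.
        if claims_fb and not _host_trusted(host):
            findings.append(("offsite_link", host))
            # Recipient address embedded in the URL: how the fake page is pre-filled.
            if rcpt and rcpt in unquote(url).lower():
                findings.append(("recipient_in_url", host))
    # The lure text only counts when a suspicious link is also present.
    if findings and re.search(r"new login system|update your account", body, re.I):
        findings.append(("lure_text", "login-system upgrade"))
    return findings

# Constructed sample messages (not taken from the campaign).
PHISH_URL = "http://login-update.example/fb/login.php?email=alice%40example.org"
PHISH = (
    "From: Facebook <update@facebookmail.com>\n"
    "To: alice@example.org\n"
    "Subject: New login system\n"
    "Content-Type: text/html; charset=utf-8\n"
    "\n"
    "<p>Facebook will be implementing a new login system.</p>\n"
    '<a href="' + PHISH_URL + '">Update your account</a>\n'
)
BENIGN = PHISH.replace(PHISH_URL, "https://www.facebook.com/settings")

if __name__ == "__main__":
    print(triage(PHISH))
    print(triage(BENIGN))
```

The check only looks at message content; it says nothing about whether the sender address itself is authentic.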