There have been a lot of reported incidents this week of Facebook password reset confirmation emails carrying an attachment that is an executable file. Once opened, it triggers a Trojan attack on your computer and runs the rogueware: fake antivirus, anti-spyware or anti-anything software whose purpose is to deceive an alarmed user by showing non-existent threats in scan results and endless popup or balloon messages, so that they pay for a license in exchange for a trouble-free system.
The recent attack was coming from Facebook’s email database and was sent to thousands, though I’m not sure of the statistics, but it’s amazing to know that even my domain email, which is not at all connected to Facebook, also received the same email below (copy-pasted as is):
Dear user of facebook,
Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.
[Screenshot of the actual email]
It’s pretty clear, though, that it’s not a legitimate email because of the lack of an appropriate heading and salutation, but it’s surprising that it wasn’t marked as “Spam” by Yahoo Mail and my hosting email. If you aren’t careful enough, or if curiosity hits you, you’ll be tempted to download the attached zip file. Please note that the addressee of the above email wasn’t me, but this email landed in my rocketmail.com email account.
Normally, the file name is Facebook_details_348.zip. The built-in Norton Antivirus scanner on Yahoo Mail wasn’t able to detect it as a virus yesterday, but when I tried downloading it today, that was no longer the case. Perhaps Norton already knew what it was.
If I’m not mistaken, the executable file enclosed was Facebook_details_348.exe (since .exe files cannot be uploaded on most emails due to the risks associated with this type of file), which when opened or executed will initiate the rogueware, XP Smart Security 2010, though it may change its name depending on the OS it finds on your computer; e.g., if you have Windows Vista on your system, it would be Vista Smart Security 2010.
I certainly have direct experience with this scenario, so I’m sharing it now with all my readers. My PC is in good condition after the untoward fake virus attack. I did nothing special about it, so if you want to know how I was able to remove the fake antivirus in minutes without any complicated steps or registry editing involved, stay tuned by subscribing to this blog via email or RSS and watch out for my post about it.
Updated 24 March 2010
Here’s my follow-up post regarding this incident, How To Remove Fake Antivirus Software.