Fake Facebook Emails Deliver Malware Masquerading As Audio Message

An anonymous reader writes: A new spam campaign is targeting Facebook users. It uses the same approach as the recent one aimed at WhatsApp users, and Comodo researchers believe that the authors of both campaigns are likely the same. The fake emails are made to look like an official communication from the popular social network, and their goal is to make the victims believe they have received a voice message. The attachment that the recipients are urged to download and open contains a malicious executable — a variant of the Nivdort information-stealing Trojan.

I received the message

[110010001000]

I got that message. I figured what is the harm in opening an executable I received in an attachment. After all, this is 1992! Modern times!

Re:

[alphatel]

I got that message. I figured what is the harm in opening an executable I received in an attachment. After all, this is 1992! Modern times!

Evolution has selected Facebook users for extinction.

"Facebook users"

[Anonymous Coward]

I have no sympathy for anyone who uses Facebook and gets pwn3d by this shit.

Re:

[mccrew]

I see that you have conveniently jumped straight to victim blaming rather than owning up to the bigger failing, which is why ordinary users should even have to worry about becoming owned by benign-looking attachments.

Especially for tech creators like so many of us here, this seems applicable: "When you point a finger at someone else, remember that there are three other fingers pointing back at yourself."

Re:

[bloodhawk]

The reality is that with choice comes a certain amount of responsibility. a woman should be able to wear a skimpy outfit and walk down dark alley's at night safe, a rich person should be able to have hundred dollar bills hanging out his pocket without fear of being mugged. The reality is that if you want the freedom to do that it comes with certain risks that society (or computer programmers) can't fully mitigate without you giving up some freedoms.

Re:

[PPH]

mobile app assigned a phone number to my tablet.

Everything the phone company does involves phone numbers. Don't like it? Disable 3G/4G connectivity and live from WiFi AP to WiFi AP.

Re:

[laurencetux]

you do know that there are in fact very nice tablets that

DO NOT HAVE A PHONE RADIO AT ALL

Re:

[Krojack]

Yet more and more phone calls can be placed via VoIP over wifi, which tablets can do.

Re:

[sumdumass]

No phone radio required. Their accounting and authentication system assigns a phone number in order to allow and control access on their network. A number will be assigned whether you have capabilities or not. Think of it as an access code even though it looks like a phone number.

Re:

[sumdumass]

Ignore this. I just noticed he was talking of the Facebook app not the tablet 3/4g access.

Re:

[truck_soccer]

The tablet doesn't have a sim card. or cell phone connectivity. Read the AC's post.

Ob

[Hognoxious]

How do real Facebook emails deliver it?

Image recognition

[martinux]

Much of the spam I see is Paypal and Facebook. Shouldn't spam filters be image matching logos or looking for company names in an email and verifying the email came from a domain associated with that company?

Re:

[pr0fessor]

from the microsoft account team outl.ook@outlook.com and a link to update my account information on some domain registered out of india that has been revoked... my spam filter caught it along with some similar ebay ones.

Re:

[Krojack]

I just checked paypal.com's SPF. They are set to SoftFail. I feel like they should have that set to HardFail. SPF isn't 100% perfect but it does help.

did we suddenly go back in time?

[bloodhawk]

Sooo why is this an article here? seriously this has been a common attack method for over a decade.

Why are you still using Facebook?

[Anonymous Coward]

Literally nothing good comes from Facebook, why are you still using it?

Oh, but how am I going to keep in touch with my 573,674 friends?

LOL, you have FIVE friends, the rest are Facebook 'bots.

I have Friends and Family I need to keep in touch with, they're important to me!

If they're so goddamn important, why can't you pick up a phone once a week and, I dunno, actually TALK to them? Or how about something SO RADICAL as actually seeing people in person?

I use this to represent my business

LOL nobody cares, get a fuckign webpage like everyone else, loser, you just have NO FRIENDS and are lonely. Try OKCupid or something.

You people are wasting time and energy and accomplishing NOTHING on F

Re:

[malditaenvidia]

Settle down, gramps. You forgot to take your medication again.

Re:

[Anonymous Coward]

There are more than 50 file extensions in Windows that will execute. It's hard to get all of them, and it sucks that Exchange doesn't block them out of the box. Our company email was shutdown for almost a week after Microsoft added the .MSI extension, and our users kept installing trojans. Microsoft didn't give any warning before adding that crappy feature. At the time, we used a project management system that used the extension .mis, so users didn't notice the difference.

Re:

[SpeZek]

So use a whitelist, not a blacklist, for your blocking policies.

Or do the other smart thing and don't allow regular users to have admin privileges.

Fake mails Deliver Microsoft Windows Malware ..

[tetraverse]

"A new spam campaign is targeting Facebook users"

Shouldn't that be spam campaign is targeting Microsoft Windows?