Just a quick note that these emails are now using both MySpace and Facebook.
Cloudmark, a security vendor reviewed in the past by The Tech Herald that focuses on email-based threats, said they are still seeing evidence of this scam.
Cloudmark said they first noticed the malicious emails on Monday, just before 4PM EST. By mid-day Tuesday, October 27th, almost half a million attempts had been made to deliver copies to mailboxes protected by Cloudmark Desktop, and by mid-day Wednesday, October 28th, that number had risen to almost three-quarters of a million. Cloudmark Desktop protects almost 2 million active mailboxes.
“I cannot stress enough – these emails are not coming from Facebook, and they do not mean that your Facebook account has been taken over, or that someone is trying to get your password. The emails are coming from already compromised computers from all over the world, and all they are trying to do is to add your computer to the growing legion of bots. Facebook, unfortunately, is just another victim here…,” said Cloudmark’s David Romerstein.
He’s right, and as mentioned below, if you see these emails just delete them.
There is another scam online targeting users of Facebook. This time, the trick is to get them to install malware by opening a malicious attachment.
According to Websense, the emails will spoof the From address to report that they are being sent by The Facebook Team at [email protected]. The emails contain a ZIP file, which is said to hold the password to your Facebook account that was recently changed.
The attachment, as is the case with most of these scams, is malicious. The malware contained inside is a member of the Bredolab family of Trojans.
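A mail-filter check for the pattern described above (a sender claiming to be Facebook plus a ZIP attachment holding an executable), as an added example that is not from the article or the vendors it quotes. The extension list, function names and sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions treated as executable (assumed policy list; the article names only an exe).
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com")


def zip_executables(data: bytes) -> list[str]:
    """Return names of executable members in a ZIP, read from its listing only."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(EXECUTABLE_EXTS)]
    except zipfile.BadZipFile:
        return []


def inspect_message(raw: bytes) -> dict:
    """Flag mail that claims a Facebook sender and carries an executable in a ZIP."""
    msg = message_from_bytes(raw, policy=policy.default)
    claims_facebook = "facebook" in str(msg.get("From", "")).lower()
    hits = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(".zip") or part.get_content_type() == "application/zip":
            payload = part.get_payload(decode=True) or b""
            hits += zip_executables(payload)
    return {"claims_facebook": claims_facebook, "executables": hits,
            "quarantine": claims_facebook and bool(hits)}


def build_sample(member_name: str) -> bytes:
    """Constructed sample message: placeholder bytes inside a ZIP attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"placeholder, not a real program")
    msg = EmailMessage()
    msg["From"] = "The Facebook Team <sender@example.invalid>"
    msg["Subject"] = "Constructed sample"
    msg.set_content("Constructed body.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="sample.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(inspect_message(build_sample("document.exe")))
    print(inspect_message(build_sample("notes.txt")))
```

The check reads only the archive's file listing and never extracts or runs a member, so it is safe to apply to quarantined mail.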
“The malicious exe file connects to two servers to download additional malicious files and joins the Bredolab botnet which means the attackers have full control of the PC, such as steal customer information, send spam emails. One of the servers is in the Netherlands and the other one in Kazakhstan,” MessageLabs said.
As of yesterday, MessageLabs said that there were over 90,000 of these fake Facebook emails being pushed online.
“This spam email attack is designed to play on the subject at the forefront of users' minds – their password security. Falling for this scam could lead to the unsuspecting user becoming part of a botnet. With the recent hack of Web email accounts, users would feel more compelled to open an attachment that purports to hold their new password, as they’d be worried who changed it in the first place,” said Carl Leonard, Websense Security Labs Manager.
“Websense reported on the 'add a friend' Facebook scams back in November 2008 so this new campaign shows how cyber criminals adapt their scams to take advantage of the latest hot topic. Our advice for users is to always go directly to the Web address you have an account with and reset passwords there.”
The main thing to remember is that Facebook will never email you to change your password. They don’t have to. If Facebook wanted to disable your account, change the password, or take any other administrative action, they could do so without you even knowing until you next sign on. One certain fact is that if they did change your password, they would never email it to you in a ZIP file.
The image below is an example of one of the scam emails. If you see it, delete it.