Fake Facebook Notification Leads to Malware

 Analysis by: Michael Angelo Casayuran

Trend Micro researchers received samples of a spammed email message claiming to be an email notification from social networking site Facebook. Written in Spanish, the body of the message informs the readers that a private multimedia message has been received. Users can supposedly view the message by clicking on the icon provided. However, clicking the icon points to a website that prompts the download of an executable file named MMS_Facebook.exe. Trend Micro detects this as BKDR_IRCBOT.FBK.

Users should always be wary of mails such as these, even if they first appear to be legitimate and from trusted sources.

 SPAM BLOCKING DATE / TIME: May 27, 2012 GMT-8
 TMASE INFO
  • ENGINE:
  • PATTERN:8932