Spam Tricks Users Into Downloading Fake Facebook Messenger

 Analysis by: Dhan Praga

TrendLabs engineers have intercepted new spam samples that use social engineering tactics to trick users into download a backdoor onto their systems. This attack starts once users receive an email notification (Figure 1) purporting to originate from Facebook. When users click any of the links in the email body, they are directed to a website (Figure 2) that appears to be affiliated with the said social networking site. The site, a supposed download page for the nonexistent 'Facebook Messenger', also contains links that point to the same location where FacebookMessengerSetup.exe-1 can be downloaded. Trend Micro detects this malicious executable file as BKDR_QUEJOB.EVL.
 SPAM BLOCKING DATE / TIME: April 17, 2011 GMT-8
  • ENGINE:6.5
  • PATTERN:8080