Issue 114 - May 2011 - Page 16
Facebook "Your Password is Not Safe" Malware Email
Email purporting to be from Facebook, claims that the recipient's Facebook password has been automatically changed because the previous password was not safe.
The email is not from Facebook and the claim that the user's password has been changed is untrue. The attachment that comes with the email contains a trojan.
Detailed analysis and references below example.
Last updated: 13th April 2011
First published: 13th April 2011
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer
Subject: Facebook Support. Your password has been changed! ID09687
Dear user of FaceBook.
Your password is not safe!
To secure your account the password has been changed automatically.
Attached document contains a new password to your account and detailed information about new security measures.
Thank you for your attention,
Administration of Facebook
According to this email, which claims to be from Facebook Support, the recipient's Facebook password has been automatically changed because the old password was not safe. The message instructs recipients to open an attached file to get the new Facebook password along with "detailed information about new security measures".
However, the email is not from Facebook and the attachment certainly does not contain a new password or any security information. Opening the attachment will launch a trojan
that, once installed, can modify the Windows registry, establish connections with malicious websites and download further malware components.
In January 2011, a malware email very similar to the one shown above
was hitting inboxes. The message claimed that the recipient's Facebook password had been changed "for safety" because spam had been sent from his or her Facebook account. As in this case, the email's attachment contained a trojan. In fact, bogus "password reset" emails claiming to be from Facebook have been used a number of times over the last few years as a means of distributing trojans and other malware.
Facebook users should be very cautious of any unsolicited email that claims that their Facebook password has been changed. Facebook is never likely to include a new password in an email attachment. If you receive any such message, do not open any attachments that it may contain. And, do not follow any links in the email. Some versions try to trick recipients into visiting bogus websites that contain malware.
Phishing scammers have also used bogus Facebook messages in attempts to steal login details and other personal information
from Facebook account holders.
Facebook Support. Your password has been changed!' contains trojan
Facebook Trojan Email - 'Your Password is Changed'
Facebook Password Reset Confirmation Trojan Email
Fake Facebook Login Phishing Scam
Pages in this month's issue:
- False Warning - Do Not Add 'Jason Lee' Because Its a Virus
- Amber Alert Hoax - Fake '72B 381' Abduction Alert Continues To Circulate
- Fake Order Notification Emails Carry PDF Exploit
- Padlock on Facebook Home Page Hacker Warning Hoax
- Tsunami Deep Sea Creatures Email
- Hoax News Report - Japan to End Whaling
- Visa Card Violated Phishing Scam
- Facebook 'Virus' Alert - Twilight the Movie Link 'Worst Virus Ever' According to Facebook and CNN
- Prayer Request for Injured Soldier Tony Mullis
- Inaccurate Warnings Claim ALL 'bit.ly' Links Are Suspect and Should not be Clicked
- Facebook Non Secure Browsing Warning
- Facebook 'Trojan' Warning - Girl Who Killed Herself In Front Of Web Cam Video
- Do Circulating Photographs Show a Mass Fish Death In California Caused by the Japanese Tsunami?
- Facebook Rogue App Survey Scam - BBC News Check What She Did on Cam
- Google Promotion Award Advance Fee Scam
- Facebook "Your Password is Not Safe" Malware Email