Tuesday 26 November 2013

"You requested a new Facebook password!" spam / Recoverypassword.zip and Facebook-SecureMessage.exe

This fake Facebook message comes with a malicious attachment:

Date:      Tue, 26 Nov 2013 04:58:18 +0300 [11/25/13 20:58:18 EST]
From:      Facebook [update+hiehdzge@facebookmail.com]
Subject:      You requested a new Facebook password!

facebook
Hello,

You have received a secure message. You will be prompted to open (view) the file or save (download) it to your computer. For best results, save the file first, then open it.

Read your secure message by opening the attachment, Facebook-SecureMessage.zip.

Didn't request this change?
If you didn't request a new password, let us know immediately.

This message was sent to [redacted] at your request.
Facebook, Inc., Attention: Department 415, PO Box 10005, Palo Alto, CA 94303

The attachment is Recoverypassword.zip, which in turn contains a malicious executable Facebook-SecureMessage.exe with a VirusTotal detection rate of 16/42. Automated analysis tools [1] [2] [3] show attempted connections to developmentinn.com on 38.102.226.252 (Cogent, US) and spotopia.com on 199.229.232.99 (Enzu, US). Note that the servers on those IPs host dozens of legitimate sites and I cannot say for certain whether they are all compromised or not.
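As an added illustration (not code from the original post), a small Python mail check that flags the two tells visible in this sample: a zip attachment that carries an executable, and a body that names one attachment (Facebook-SecureMessage.zip) while a differently named file (Recoverypassword.zip) is actually attached. The message it parses is constructed from the text above, with an inert placeholder standing in for the real executable.

```python
import email
import email.policy
import io
import re
import zipfile
from email.message import EmailMessage

# File types that have no business arriving inside a mailed archive from a social network.
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")

def build_sample_eml() -> bytes:
    """Constructed sample modelled on the spam above; the 'executable' is inert text."""
    msg = EmailMessage()
    msg["From"] = "Facebook <update+hiehdzge@facebookmail.com>"
    msg["Subject"] = "You requested a new Facebook password!"
    msg.set_content(
        "You have received a secure message.\n"
        "Read your secure message by opening the attachment, Facebook-SecureMessage.zip.\n"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Facebook-SecureMessage.exe", b"NOT A REAL PE - constructed placeholder")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Recoverypassword.zip")
    return bytes(msg)

def scan_eml(raw: bytes) -> list[str]:
    """Return a list of findings for the message; an empty list means nothing was flagged."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    findings, attached = [], []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        attached.append(name)
        if name.lower().endswith(".zip"):
            try:
                with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                    for member in zf.namelist():
                        if member.lower().endswith(EXECUTABLE_EXTS):
                            findings.append(f"executable inside archive: {name} -> {member}")
            except zipfile.BadZipFile:
                findings.append(f"unreadable zip attachment: {name}")
    # The body names an attachment; flag it when no attached file carries that name.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    for referenced in re.findall(r"[\w.-]+\.zip", text, flags=re.I):
        if referenced not in attached:
            findings.append(f"body refers to {referenced} but attachments are {attached}")
    return findings
```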