This weeks most popular virus campaign appears to be the Facebook Password Reset Confirmation emails.
These emails claim to come from a wide variety of Facebook email addresses, such as:
- “Contact Facebook” <email@example.com>
- “Facebook Manager” <firstname.lastname@example.org>
- “Facebook Networks” <email@example.com>
- “Facebook Support” <firstname.lastname@example.org>
- “Facebook Support” <email@example.com>
- “Facebook Support” <firstname.lastname@example.org>
- “Facebook Support” <email@example.com>
- “The Facebook Team” <firstname.lastname@example.org>
- “The Facebook Team” <email@example.com>
- “Your Facebook” <firstname.lastname@example.org>
But these are examples of sender address spoofing as they are actually sent from already infected personal computers throughout the world. Additionally, they appear to change the address every day or two in order to try and reduce their susceptibility to spam filtering systems.
The Subject of the emails is similar to those actually sent by Facebook:
- Facebook Password Reset Confirmation! Important Message
- Facebook Password Reset Confirmation NR.32917
In the case, of the “NR.32917” example, the number is randomized to try and avoid spam filtering systems.
The message itself is not particularly convincing, but no doubt still effective enough for the spammer’s purposes. While their are slight variations, the emails basically says:
Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.
The Facebook Team.
The dual email file attachments (very common to virus campaigns nowadays) included are:
Launching either of these files will execute the virus code, resulting in the infected computer itself sending spam emails to continue the mass infection while also compromising usernames and passwords entered into the PC while the machine remains infected, which is perhaps indefinitely.
OnlyMyEmail is an award winning hosted spam filtering service and business email hosting provider. Our enterprise cloud computing anti-spam solution, the MX-Defender, has the highest capture rate of any spam filter ever tested in the VBSpam Challenge, blocking a record setting 99.9993% of all malicious and junk email.
Our Personal spam filtering system is also a Software as a Service (SaaS) solution and has won both the PC World "World Class Award" and also the PC Magazine "Editor's Choice Award."
OME-Kids is a webmail solution that protects children from spam and other harmful emails. OME-Kids offers unique Parental Controls that allow you to choose the level of security and oversight that's right for your child.