Warning: Malware Poses as Facebook Photo Tag Notification

Social media users should not let their guard down, because malware continues to spread through social media tools and networks. Recently, security firm Sophos warned Facebook users about malware that disguises itself as a Facebook photo tag alert.

In a Naked Security blog post, Sophos’ senior technology consultant Graham Cluley stated that the security firm intercepted a “spammed-out email campaign” designed to infect recipients’ computers with malware tied to the infamous Blackhole exploit kit.

What Happens When I Click the Link?

Be extra cautious (and suspicious) of emails claiming to be from Facebook and saying you’ve been tagged. Once you click the link that supposedly leads to the photo, you’re instead taken to a website hosting a “malicious iFrame script” that loads the Blackhole exploit kit. Blackhole probes the visiting browser and its plug-ins for unpatched vulnerabilities and uses whichever one works to install further malware, putting your PC at far greater risk.

What makes the campaign even more cunning is that, after about four seconds, you’re redirected to the legitimate Facebook page of a “presumably entirely innocent individual,” which acts as a smokescreen. Because of this trick, you have no reason to suspect that something just went terribly wrong, when in fact your computer has just been attacked with malware.

How Can I Tell If the Email is Fake?

Here is an example of what a typical email in this campaign looks like (the screenshot comes from the Naked Security post):

Did you notice the phishy part? Look closely at the “From” field of the email. Gotcha! It misspells “Facebook” with an extra “o.” Pretty sneaky, right? But as Cluley pointed out, the misspelling is not the only tell:

Even if you didn’t notice that “Faceboook” was spelt incorrectly, you could have seen by hovering your mouse over the link that it wasn’t going to take you directly to the genuine Facebook website.
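The two checks Cluley describes, the sender domain and the real destination behind each link, can be automated for a mailbox or a mail gateway. The script below is an added example written for this page; it is not code from Sophos or from the original post. It parses a constructed sample message modelled on the campaign (not the real email), flags a sender domain that is not on an assumed list of legitimate Facebook domains, flags look-alike sender domains such as “faceboook.com”, and flags links whose visible text names facebook.com while the href points somewhere else.

```python
import difflib
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: domains that genuine Facebook notifications are sent from / link to.
TRUSTED_DOMAINS = {"facebook.com", "facebookmail.com"}

# Constructed sample modelled on the campaign described in the article (not the real email).
SAMPLE_EML = b"""From: Facebook <notification+abc@faceboook.com>
To: victim@example.com
Subject: You were tagged in a photo
Content-Type: text/html; charset=utf-8

<html><body>
<p>Someone tagged you in a photo.</p>
<p><a href="http://203.0.113.7/photo.php?id=1">http://www.facebook.com/photo.php?fbid=1</a></p>
<p><a href="https://www.facebook.com/help">Help</a></p>
</body></html>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Last two labels of a hostname (assumption: enough for facebook.com-style domains)."""
    host = host.lower()
    if host.replace(".", "").isdigit():      # bare IPv4 address: nothing to strip
        return host
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def is_trusted(host):
    return registered_domain(host) in TRUSTED_DOMAINS


def lookalike_of(domain):
    """Return the trusted domain this one resembles (e.g. faceboook.com -> facebook.com), or None."""
    for trusted in TRUSTED_DOMAINS:
        if difflib.SequenceMatcher(None, domain, trusted).ratio() >= 0.8:
            return trusted
    return None


def check_message(raw):
    """Return a list of human-readable findings for a raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []

    from_hdr = msg["From"]
    from_addr = from_hdr.addresses[0].addr_spec if from_hdr and from_hdr.addresses else ""
    from_domain = from_addr.rsplit("@", 1)[-1] if "@" in from_addr else ""
    if not is_trusted(from_domain):
        note = f"sender domain not trusted: {from_domain}"
        similar = lookalike_of(registered_domain(from_domain))
        if similar:
            note += f" (looks like {similar})"
        findings.append(note)

    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        parser = LinkExtractor()
        parser.feed(body.get_content())
        for href, text in parser.links:
            host = urlparse(href).hostname or ""
            if not is_trusted(host):
                findings.append(f"link to untrusted host: {href}")
            # Visible text that itself looks like a URL must agree with the real href.
            text_host = urlparse(text).hostname if text.startswith(("http://", "https://")) else None
            if text_host and registered_domain(text_host) != registered_domain(host):
                findings.append(f"link text says {text_host} but href goes to {host}")
    return findings


if __name__ == "__main__":
    for finding in check_message(SAMPLE_EML):
        print(finding)
```

The hostname comparison is deliberately coarse: it collapses to the last two labels so that www.facebook.com and facebook.com are treated as the same owner, which is fine for this case but would need a public-suffix list for domains such as example.co.uk.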

Cluley also advised users to keep “your wits about you” when online.

If you don’t take the right steps to protect your computer, one day a cybercriminal might find the right social engineering trick to dupe you into making a bad decision or visit a dangerous website.

SophosLabs detects the malware as Troj/JSRedir-HW and is still investigating the attack.

Cyberattacks running rampant through social networks are nothing new. That’s why it pays to spell-check the sender and hover over the link before you click, because you never know when you’re about to be phished.

Image Sources: Computer Bugs Courtesy of Mike Vadala via Flickr and Fake Email via Nakedsecurity.sophos.com