This latest find from our researchers in the AV Labs is filed under the “We Found Another Facebook Spam” pile.
Let it be a warning to you, dear Reader, about this mail that purports to originate from Facebook and bears the subject “Verify your account”. It isn’t clear what this verification notice is about unless you read the content of its message body, which says:
click to enlarge
Hi {recipient’s email address},
You have blocked your Facebook account. You can reactivate your account whenever you wish by logging into Facebook with your former login email address and password. Subsequently you will be able to take advantage of the site as before
Kind regards,
The Facebook Team
(To help clear up the slight confusion in context, “blocked” here may mean that an account has been deactivated, specifically the spam recipient’s; it has nothing to do with blocking search engine from pulling out and displaying the recipient’s Facebook profile if someone does a search of their name, as some sites suggest.)
This is a seemingly potent social engineering tactic to get panicked (if not half-perplexed, half-curious) recipients clicking away. The tactic may probably be not as effective if the recipient normally thinks twice before reacting to such a message.
Clicking any of the links on the email leads users to various URLs that are clearly unrelated to Facebook in any way. We believe that these sites have been compromised, and sure enough, they all redirect users to a very familiar territory:
click to enlarge
Yep, it’s another Blackhole–Zeus-related threat.
Please ignore and delete this Facebook spam if you have it in your inbox.
Jovi Umawing (Thanks to the GFI Labs team)
Leave a reply
