Tuesday, October 28, 2008

Virus alert: An old friend added you as a friend on facebook

I recently checked the email on the mail server using OzEfilter and noticed an email with the subject: An old friend added you as a friend on facebook.

The contents of the email were as follows:

"Facebook is a social utility that connects you with the people around you.
Facebook notifier

One of your old classmates added you as a friend on Facebook. We need to confirm that you know her in order for you to be friends on Facebook.
To see her picture please check your attachment."

The attachment was a zip file called picture.zip, and this is a pretty good indication the email contains a virus. In the zip file was a program called picture.exe, further indicating this is a malicious email.

This program was not detected by our desktop anti-virus program or the server anti-virus software, which has been the case for a couple of months with similar virus-infected emails.

Once again I've sent the attachment off for review as mentioned in MyAnswers 1890 and expect it to come back as malware.

I also recently read an article on a news site. Its headline and first paragraph read as follows:

"Facebook attacked by vicious virus

FACEBOOK users are under attack from a virus sweeping through the online social network.

The virus is technically a trojan worm that disguises itself as an email from facebookmail.com."


This email may or may not be the type of virus the article was talking about. The email did have what is most likely a fake address appearing to be from facebookmail.com.

Once again, treat with suspicion any email you receive. Log on to Facebook and check your messages there. Avoid using links in the email.

Please take care with email purporting to be from Facebook.

- Kelvin Eldridge

2 comments:

  1. The first response I received at 4:26am gave no indication the file picture.exe was or wasn't malware, which we've noted in the past is a good indication it is malware. The time delay indicates it is not known malware.

    The next response at 9:34am confirmed the file picture.exe was malware.

    A check of the OzEfilter logs shows a similar email was received on August 29, but because it was from India, and I don't generally receive emails from India, it was deleted.

    - Kelvin

  2. At 4:19pm I received the following confirmation the picture.exe file was malware.

    "With regards to the file "picture.exe" submitted by you on 28 Oct 01:10:10 (Australian Eastern Standard Time), we have added detection for Win32/Mytob.OI to the signature files.

    The Windows PE (I386,EXE) file "picture.exe" has been determined to be malicious. Our researchers have analyzed the file and confirmed the result."

    The update for this anti-virus software should now be received within the next 24 hours.

    This virus shows that should a new virus outbreak occur, most people will not be protected for 24-48 hours. That is why I suggest people use a product like OzEfilter as an additional level of prevention.

    - Kelvin
