Thursday, December 24, 2009

Another Spam/Malware to be aware of titled “your photo” via Facebook direct messaging


The subject was “your photo” with the message of “Is This Your Photo?!" “Warm regards!!!!!” and a link to a web site with the words uploaded, easyspace, photosbank, me, uk and file in it.

Received this message via Facebook tonight at 1:37am which showed from Facebook Mobile.  Now I know that this person would not be up at this time and I know they do not have a mobile device.

Do not click on the link, it goes to a web site that calls up the adobe reader and tries to download a file called photo.exe.  The photo file is a exe file and it will try and run itself to infect your computer.

Always think twice about clicking on links and then take a close look at where the link actually goes.  If it looks funny then it probably is, don’t click it.

Here is a snapshot of the message:

image

5 comments:

Kate said...

I got several of these originating from my Dad's facebook account. Apparently been sent to all his contacts. Any ideas of how to stop these being sent from his account?

Richard said...

Somebody has hijacked his account have him change his Facebook password to something with at least eight characters mixed with numbers, lower case letters and upper case letters.

langolier said...

I have the same problem but wonder about the 'hijacked account' conclusion.

I received the Facebook 'your photo' message (ostensibly) from a friend and [automatically] clicked the link without giving it a thought.

I'm using a MacBook so an .exe file won't 'execute' but a goodly number of my Facebook friends have, in turn, received the 'your photo' message from "me".

What should I do for me and how can I help them?

Thanks.

Richard said...

1. Could guess that the link goes to a website first that contained html code (that could even run on a macbook browser) that grabs the Facebook password before it tries to load the exe file. The Macbook would prevent the exe from running but, not getting the password and login id from your already logged in facebook account.

2. Could guess that a phishing scheme may ask for a user name and password to see the photo which in turn they now use to access your facebook account to send out messages.

Human nature has us trust others and this nature is used to take advantage on the internet regardless of what kind of computer system we use :( It takes time to learn how to determine if a link or pop up message is good or bad

langolier said...

Thanks Richard,

For Info: The messages went to all my friends and contain a variation of the link:
http://downloads76482854760426.!STRING!/vc0114ke/

The differences are in the number before !STRING!. The vc0114ke/ seems to be common to all.

Infection apparently occurs just by clicking. The messages are all in my 'Sent' box.