Malicious Greeting from Your “Friend”

With the soaring popularity of social networking sites, it is no surprise that spammers try to take advantage of them. In the past, spammers would register their own accounts and then send unsolicited messages through the social networking site. By default, the site generated automated email to let the user know that there is a new message. While such notifications are technically legitimate, the user would have most likely considered the messages as spam, due to the unsolicited content. For spammers, this technique had a shortcoming—the message sent to the user was from an unknown person/entity.

Recently, Symantec has observed a rise in a newer technique of social networking site abuse. The below example is a legitimate notification from Facebook that informs the user of a new private message:

As noted above, the message itself is not spam because there really is a private message in the Facebook inbox:

Symantec has confirmed that this account was not created for spamming purposes. Instead, the sender’s account was hijacked and this message was sent to everyone who is “connected” (direct friend, friend of a friend, etc). If the user navigates to the Web page provided in the message, Bloodhound.PDF.10 tries to load.

In the above example, the sender was not a direct friend with the user. However, it is highly likely that the user could receive such messages from a direct friend. This could give the user a false sense of confidence, which may lead to malware being installed on the user’s machine.

This example serves as a good reminder to all social networking site users that the message really may not be from a friend, even if it is from a friend.