Symantec recently reported a malicious spam campaign against Facebook, which is now accompanied by a phishing attack. These messages look like an official Facebook invite or password reset confirmation mail.
If we place the cursor over the update button in the message, we can actually see the phishing URL in the status bar. If a user clicks on the “Update” button, he or she is redirected to a Facebook look-alike phishing site. Here, users are asked to enter a password to complete the update procedure. Unfortunately, the user’s password will be stolen if they try to log in on this page.
These attacks can be identified by the subject lines listed below:
Facebook account update
New login system
Facebook Update tool
In another observed change, we detected new malicious attacks on MySpace users as well. As seen with the attacks on Facebook users, we monitored zipped attachments containing executables in these messages—detected as Packed.Generic.261 by Symantec antivirus.
Subject lines associated with this attack are:
Myspace Password Reset Confirmation
Myspace office on fire
Myspace was ruined
A spam attack with a malicious zipped attachment was followed by a phishing attack using URLs with Facebook. Similarly, we also anticipate another malware or phishing attack using URLs in the coming day(s) on MySpace. We also think that social networking sites with huge user bases are currently being targeted to infect maximum machines or gather passwords for more malicious activities in future.
Users need to be extra careful of suspicious attachments, especially those including a “password reset” request because legitimate websites will not send an attachment for resetting a password. Also, users have to be cautious of clicking URLs without proper verification. Symantec is watching around the clock for any possible variations, and will keep users well informed of new trends developed in these attacks.