Malware attack through Facebook photo tag notification
This is a warning for Facebook users. A fraudulent email is circulating on the Internet claiming to be from Facebook and saying you’ve been tagged in a photo. The email probably looks like this:
On a closer look the email is from “notification @faceboook.com” and not from a “Facebook.com” domain. This is a specially crafted email that is targeting innocent Facebook users. Those who click on the link in the email get redirected to a bogus link that hosts malicious iframe scripts. These scripts take advantage of the Blackhole exploit kit and start infecting the system.
This happens within a few seconds and then the browser gets redirected to the original Facebook website. So the user does not get a hint about any kind of suspicious or malicious activity. In our case, two malicious files got downloaded. These files belong to the Trojan.Redirector family. Malware that belongs to this category has the following characteristics:
- Stays resident in the background
- Changes browser settings
- Shows commercial adverts
- Connects itself to the Internet
Kindly do pay attention while clicking on any link in the email. If you come across such emails do not click on any link present inside. Instead, delete the email and keep your Quick Heal antivirus updated.