Facebook Trojan – Taking a closer look at one of the most common Trojans.
This trojan mimics one of the most popular social networking sites –
As such it also tends to target teenagers. Above is an example of one of these spoof emails.
The big blue button does actually go to Facebook,
The whole point of the email is to convince you it is safe to open the attachment, the Zip file. That is where the Trojan lives. Once you double click or select “open” your computer is infected. How can we tell it is a Trojan? Well lets look at each part in detail. First the “From” field, Looks real enough, and it should.
The “From” field can say anything, it is not used by the email system, it is purely there for a human to read. It is what we in the trade call a “flat text” field and once you create an email you can edit this (if you know how) to say anything. I have sent emails from “god@heaven.com” so we must ignore this field it cannot be trusted.
Next we can look at the Subject line, this is our first clue that this is not right, the subject is all wrong. Facebook never says “Your Friend” it always names the friend. Facebook would say “Joe Bloggs” not “your friend” because the real Facebook knows who your friends are the Trojan writer does not. Then there is the actual attachment shown here –
Who would actually call their own attachment “Your_Friend_New_photos-updates” surely they would use their own name or even your name, no one calls themselves by the third person. Then of course there is the fact that there is an attachment on the email. I have looked at lots of Facebook emails and they never have an attachment. Why would they? They are an online service so any photos would be online. The thing to remember when checking a suspicious email is that the writer of the email does not know you and has to write a generic email that will be sent to thousands of email addresses.
If you have a topic you would like me to cover, please let me know.
Mick Maidens is the Owner of Kent PCs for Computer Repairs in Challock (Nr Ashford). Follow us on Facebook Email: info@kentpcs.co.uk Phone: 01233 740306
1 comment for “Facebook Mimicking Email Trojan”