In a blog entry long ago, we wrote about the trend of faking Facebook support emails to spread malware. Bkav’s Honeypot system still regularly receives such emails. The technique is old, but the emails’ contents and the malicious attachments keep changing.
Figure 1: One of the counterfeit Facebook emails
Why have bad guys used this old technique for such a long time? Because it has proved very effective. Let’s analyze the nature of the problem. First, Facebook is still the biggest social networking site, which means it has a huge number of users. Second, Facebook’s popularity helps these fake emails bypass spam filter systems much more easily.
So, what should you do when you receive such an email? Simply configure your system to show the extension of the attached file before opening it.
Figure 2: Be careful with the icons
Besides, do not trust the file’s icon; carefully examine its extension instead. Do not open the file if its extension is “.exe”, “.bat”, “.pif” or “.scr”. More importantly, you need to update your antivirus program on a regular basis to have your computer completely protected.
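The same extension check can be automated on the receiving side. The following is an added example, not code from the original post or from Bkav: it parses a constructed sample email, reports each attachment's real (final) extension next to the name a file listing would show with extensions hidden, and flags the four extensions named above. The sender address, subject and file names are made up for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the article advises against opening.
RISKY_EXTENSIONS = {".exe", ".bat", ".pif", ".scr"}


def real_extension(filename):
    """Return the final extension, lower-cased."""
    # Windows drops trailing dots and spaces, so "a.exe. " is saved as "a.exe".
    cleaned = filename.strip().rstrip(". ")
    return os.path.splitext(cleaned)[1].lower()


def scan_attachments(raw_message):
    """Return (filename, name_without_extension, extension, risky) per attachment."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = real_extension(name)
        # What the user sees when extensions are hidden: only the icon
        # and this shortened name, which can look like a document.
        shown = os.path.splitext(name.strip().rstrip(". "))[0]
        findings.append((name, shown, ext, ext in RISKY_EXTENSIONS))
    return findings


def build_sample():
    """Constructed sample message (not a real captured email)."""
    msg = EmailMessage()
    msg["From"] = "support@facebook.example"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Your password has been changed"
    msg.set_content("Please see the attached document.")
    msg.add_attachment(b"MZ", maintype="application",
                       subtype="octet-stream", filename="New_Password.pdf.exe")
    msg.add_attachment(b"%PDF-1.4", maintype="application",
                       subtype="pdf", filename="terms.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, shown, ext, risky in scan_attachments(build_sample()):
        verdict = "DO NOT OPEN" if risky else "ok"
        print(f"{name!r}: shown as {shown!r}, real extension {ext!r} -> {verdict}")
```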
Nguyen Cong Cuong
Senior Malware Researcher