Facebook users are now the target of a new scam that is being spread through emails. Apparently Facebook users are receiving emails with the title “Update Account Agreement”. The email purports to come from the Facebook Team and encourages users to download an attached zip file, “agreement.zip”.
The email message has been cleverly drafted and banks on the recent Facebook privacy changes (http://www.allfacebook.com/2009/12/facebook-privacy-new/). It informs users that, due to the recent privacy changes, all users have to submit a new account agreement to Facebook. The email then asks users to unzip the attachment and run the “agreement.exe” file if they want their Facebook accounts to have unrestricted access to Facebook features.
If a user falls for this trick, the exe installs a rogue antivirus, Security Tool, on the computer. Once installed, the software continues to display misleading virus infection messages, restarts the computer every now and then, prevents the user from running executable files, and occasionally renders the computer unusable by displaying a blue screen of death.
The full content of the email is pasted below:
Dear Facebook user,
Due to Facebook policy changes, all Facebook users must submit a new, updated account agreement, regardless of their original account start date. Accounts that do not submit the updated account agreement by the deadline will have restricted access to Facebook.
Please unzip the attached file and run “agreement.exe” by double-clicking it.
The Facebook Team
We are all too familiar with these hoax mails from the days of Hotmail and Yahoo Mail, when users received such emails and had to follow certain instructions in order for their email accounts to remain active. With the popularity of Facebook, the malicious entities have now switched their focus towards the social networking giant.
Panda Security Labs, a web security firm, has detected these emails (http://pandalabs.pandasecurity.com/the-facebook-team-informs-you/) being sent out to Facebook users since yesterday. The massive flood of the recent hoax chain message (http://www.allfacebook.com/2010/02/automation-labs-facebook/), and the paranoia that it created, suggests that a large majority of Facebook users receiving such an email would likely fall for this trap.
If Facebook ever had to communicate with you, it would do so via a message in your Facebook message box rather than an email message. Be advised not to open any such email. Make sure to let your Facebook friends know about this latest threat as well.