Be careful of trojan disguised as e-mail from Facebook

You get an e-mail that looks like it is from Facebook. The e-mail says you have been tagged in a photo by a friend and the photo is attached to the e-mail. You open the attachment and BAM you are infected by a trojan known as Troj/Agent-XNN. Or at least that is the latest scare in the on going fight against malware.

Sophos Security, a British digital security firm, is reporting malicious e-mails are floating around that pose as Facebook. The e-mails have a subject of “Your friend added a new photo with you to the album” and say the following:


One of Your Friends added a new photo with you to the album.

You are receiving this email because you’ve been listed as a close friend.

[View photo with you in the attachment]

Attached to the e-mails is a ZIP file that contains the above-mentioned trojan. If you download and open the ZIP, you are infected. This trojan appears to only affect Windows machines and launches itself automatically on Windows boot, disguised as a Java updater (oh the timing).

Of course since this is a known trojan (and not a zero-day attack), any competent anti-virus should protect you against it even if you do accidentally download it. Still, the moral of the story is you shouldn’t open attachments in e-mails — or visit links in e-mails — when you aren’t sure who the e-mail is from. In this case the e-mail looks to be from Facebook but, really, if you stop and think to yourself “how many times does Facebook e-mail me an attachment” then you will realize how dumb of a move you were about to make.

[via MakeUseOf, Sophos]

Related Posts