Be careful of trojan disguised as e-mail from Facebook

You get an e-mail that looks like it is from Facebook. The e-mail says you have been tagged in a photo by a friend and the photo is attached to the e-mail. You open the attachment and BAM you are infected by a trojan known as Troj/Agent-XNN. Or at least that is the latest scare in the on going fight against malware.

Sophos Security, a British digital security firm, is reporting malicious e-mails are floating around that pose as Facebook. The e-mails have a subject of “Your friend added a new photo with you to the album” and say the following:


One of Your Friends added a new photo with you to the album.

You are receiving this email because you’ve been listed as a close friend.

[View photo with you in the attachment]

Attached to the e-mails is a ZIP file that contains the above-mentioned trojan. If you download and open the ZIP, you are infected. This trojan appears to only affect Windows machines and launches itself automatically on Windows boot, disguised as a Java updater (oh the timing).

Of course since this is a known trojan (and not a zero-day attack), any competent anti-virus should protect you against it even if you do accidentally download it. Still, the moral of the story is you shouldn’t open attachments in e-mails — or visit links in e-mails — when you aren’t sure who the e-mail is from. In this case the e-mail looks to be from Facebook but, really, if you stop and think to yourself “how many times does Facebook e-mail me an attachment” then you will realize how dumb of a move you were about to make.

[via MakeUseOf, Sophos]

Related Posts

  • Janet

    I’m delightrd

    Bull, delighted to hear there are young folks like you…:-)…!

    Ashraf, I think there are an unusually large amount of YOUNG NON-Facebook dottechers on the basis of comments in various threads here in the past–that’s why I mentioned it…:-)…..

  • Bull

    Non facebook user here. Even though I land in the generation with social media breaking out, I never got into the whole social media thing. I prefer to actually hang/meet with my friends in person.

    Heck, I only text people if i know they cannot answer thier phone ( work, meetings, doctors appointment, etc.), and that is still rarely. I prefer to make a phone call instead.

  • Ashraf

    @jipy: I attest to this. I don’t have a Facebook, aside from one for dotTech. It is possible.
    @DoktorThomas: Facelessbook? Hmm?
    @Janet: I haven’t looked into it but my guess is dotTechies of the older generation don’t have FB while younger generation do. We have a mix of them.
    @AFPhys: You are welcome!
    @Mary: You are welcome!

  • Mary

    Add me to the list of non FB users! Thanks for the info though! I’ll share it with the people I know who do use it. I can’t imagine if someone does open that attachment, and an AV doesn’t catch it, what will they do when they can’t let their “friends” know that they’re taking a shower! O.o

  • AFPhys

    I have a Facebook account that I have used about thrice for signing up for some program or other. No friends, or whatever else you can do with it.

    Nevertheless, I got that EMail. Though I was curious as to who might think they were a good friend, I didn’t have time or sufficient inclination to even open the EMail, so it hit the cosmic bit-bucket.

    Thanks for showing me what fun I missed (though I also disable automatic updates for everything, including Flash, and suspect one of my several antivirus, and anti-autorun programs would have sanitized this bug before it ran.)

  • Janet

    I bet dottech-ers have an unusually high percentage of NON-Facebook-ers…..We should do a survey…..

  • DoktorThomas

    Thinking people don’t use Face(less)
    Start thinking.

  • jipy

    I have humble and demure solution among others.

    Be drastic, like me : “NO Facebook NO cry… ”

    It appears to be impossible for you?

    I assure you can survive without Facebook accompt.