RSS feed of TRACElabs Blog from M86 Security

Facebook Phish Also Distributes Zbot Trojan

 

October 28, 2009

With Facebook's growing popularity, the number of Facebook scams we have received recently has also increased. Yet another Facebook spam campaign is currently being sent out, which we believe originates from the Pushdo botnet. The scam appears to have two aims: to steal your Facebook account credentials and to distribute the Zbot (Zeus Bot) Trojan.

 

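Opening the link in the message body brings you a step closer to having your Facebook account compromised. The link looks legitimate at first, but closer inspection reveals that www.facebook.com is only the leftmost part of a hostname that belongs to a different domain. The URL format looks like this: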

http://www.facebook.com.<MALWARE DOMAIN>u/globaldirectory/LoginFacebook.php?ref=<RANDOM NUMBER>&email=<TARGET EMAIL ADDRESS>
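
One way a mail filter or an analyst could flag this hostname trick, as an added example that is not part of the original post. The brand list, function name, finding labels and sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Domains whose names are worth protecting (assumption for this example).
BRANDS = ("facebook.com",)

def check_link(url, recipient=None):
    """Return findings for one URL extracted from an e-mail body."""
    findings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    labels = host.split(".")
    for brand in BRANDS:
        want = brand.split(".")
        if labels[-len(want):] == want:
            continue  # the brand's own domain or a real subdomain of it
        # Brand labels sitting to the left of an unrelated parent domain,
        # as in www.facebook.com.<other domain>.
        if any(labels[i:i + len(want)] == want
               for i in range(len(labels) - len(want))):
            findings.append("brand-in-subdomain:" + brand)
    # The campaign URL carried the target's address in the query string.
    if recipient:
        values = [v.lower() for vs in parse_qs(parts.query).values() for v in vs]
        if recipient.lower() in values:
            findings.append("recipient-in-query")
    return findings

# Constructed samples; malicious.example stands in for <MALWARE DOMAIN>.
SAMPLES = [
    "http://www.facebook.com.malicious.example/globaldirectory/LoginFacebook.php?ref=12345&email=user@example.org",
    "http://www.facebook.com/login.php",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(check_link(u, "user@example.org"), u)
```

The check compares whole DNS labels, so a genuine subdomain of the brand's domain is not flagged, and it does not cover other lookalike techniques such as misspelled domains.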

 

Once you enter your username and password, you will be redirected to another fake Facebook page. The page instructs you to download an executable file that poses as a Facebook update tool. The executable file is none other than the Zbot Trojan.

 



Two days ago, we warned about a Pushdo campaign with a zip attachment using the Facebook theme. The purpose of that spam campaign was to distribute the Bredolab Trojan. Social networking sites such as Facebook are very popular, and most users are highly susceptible to these kinds of attacks. Always be vigilant when you receive emails like this. Always verify links, and be extremely wary of downloading or opening any attachments, especially executable ones.

 


Last Reviewed: October 29, 2009 by Rodel Mendrez