Malware Is Now Going Around Posting Pictures Of You On Facebook

By: Zach Walton - July 17, 2012

If you have a lot of friends and spend time with said friends, you are probably tagged a lot in their photos. Facebook, being the courteous social network that it is, sends you an email saying that your friend has tagged you in a photo. If you don’t allow pictures of yourself to be taken, you best remain cautious.

It would appear that a new piece of malware is taking advantage of our obsession with tagging and being tagged within photos. The email is harmless enough. All it says is that somebody on Facebook has added a photo of you. Look at how innocuous it is:

[Image: Malware Friends Facebook]

As Naked Security points out, you should immediately notice that the email comes from an email address that can’t even spell Facebook right. You can insult the intelligence of the fine folks working at Facebook all you want when chat doesn’t work, but I’m pretty sure they don’t misspell their own name.

Other than the misspelling, everything else looks legitimate. That’s what makes this particular threat so worrisome. Most malware threats have at least a few indicators that expose their true nature, whereas this one only has one.

Of course, if you aren’t a social person by nature then this malware threat is entirely ineffective. The photo tag comes from a random stranger. If you do go to a lot of parties and meet random people, you might be duped into thinking that somebody learned your name and took your picture before you passed out on the floor from drinking way too many Everclear shots.

So what does this particular breed of malware accomplish? Upon clicking the “See Photo” button in the email, your browser is taken to a site loaded with malicious iframe scripts. Before you have any chance to react, your browser redirects you to an innocent Facebook page of a random individual. The humor emerges when the Facebook page that you’re redirected to is not the same as the person in the email.

All in all, this malware is pretty easy to spot. It makes a few mistakes along the way that prevent it from becoming the next big thing in malicious software. Just remember to only open emails from sources you trust. Even then, like in the case of Facebook, make sure the sender email address is correct. Unless the sender has been infected, it won’t be the one you’re accustomed to.
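
The sender-address check described above can be automated. The following is an added example, not code from the article or from Facebook: it parses the From: header, ignores the display name, and flags domains that are near-misses of the real ones. The trusted-domain list, the distance threshold and every sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the domains the real service sends mail from; maintain your own list.
TRUSTED_DOMAINS = {"facebook.com", "facebookmail.com"}
BRAND_LABELS = {d.split(".")[0] for d in TRUSTED_DOMAINS}
MAX_DISTANCE = 2  # edits tolerated before a label stops counting as a near-miss


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(raw_message):
    """Return 'trusted', 'lookalike' or 'unrelated' for the From: address domain."""
    msg = message_from_string(raw_message)
    # parseaddr separates the display name (freely chosen by the sender) from the address.
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "trusted"
    # Check every label so a brand name parked in a subdomain is caught as well.
    for label in domain.split("."):
        for brand in BRAND_LABELS:
            if brand in label or edit_distance(label, brand) <= MAX_DISTANCE:
                return "lookalike"
    return "unrelated"


# Constructed sample messages (not taken from the campaign described above).
SAMPLES = {
    "genuine": "From: Facebook <notification+k3x@facebookmail.com>\nSubject: x\n\n",
    "misspelled": "From: Facebook <notification@faceboook.example>\nSubject: x\n\n",
    "subdomain": "From: Facebook <noreply@facebook.account-alerts.example>\n\n",
    "other": "From: Alice <alice@mail.example>\nSubject: lunch\n\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:10} -> {classify_sender(raw)}")
```

A From: header can be forged outright, so a "trusted" result here is only a first filter and should be combined with the SPF, DKIM and DMARC results your mail system records.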

About the Author

Zach Walton is a writer for WebProNews. He specializes in gaming and technology.

  • Joseph

    Hey Zach,

    I like to look at all things positive in life.

    So……with that said, Couldn’t we use this Mal-ware to our advantage and trick the robots?

    I have been working with computers since I was 7 and I am now 39, so my thinking is kinda “crazy” as some of my friends will tell you, so take that into account when reading the rest of this, but hey, it's a comment right? LOL 😉 <3

    So here is my idea: It's kinda Black-hat …..but hey Zuckerberg's FB isn't exactly white hat….LOL

    How about creating some FB profiles with "products". Upload hundreds of pictures of your product and then make the FB profile password easy and hackable……. THEN when the mal-ware emails hit – The bots could "post the products" all day long :)

    Free Branding !!!

    Plus It would save everyone some $$$ FB credits :)

    Ah – Just a random idea that I will never do, But god gave me this damn brain that makes me overthink all the time, 😉

    See ya man and thanks for the read,