New Malware Comes Dressed as Facebook Photo Tag Email Notification

    August 28, 2012
    Josh Wolford

If you receive an email that looks like it’s from Facebook and says that you’ve been tagged in a photo, you may want to scour it for abnormalities. That’s because the latest malware on the loose involves a common Facebook email notification.

“Greetings, One of Your Friends added a new photo with you to the album…,” says the email. “You are receiving this email because you’ve been listed as a close friend.”

No, no, and nope. It’s actually a malware delivery system, and clicking on the attachment will infect your PC with a Trojan. Sophos’ Naked Security blog first spotted the malicious email.

Here’s what the malicious email will look like. Note that it contains the blue Facebook header, and a button to click to see the photo in an attachment. One way you know that this is complete bullsh*t is that Facebook never sends you photos that you’ve been tagged in as attachments. Facebook sends you links to said photos on their site.

[Image: Facebook photo tag email malware]
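The tell described above (Facebook branding combined with an attachment, where a real notification would carry only a link) can be checked mechanically on a raw message. This is an added example, not code from the article or from Sophos; the sender address, file name, URL and both sample messages are constructed, and the display-name match is a heuristic rather than proof of origin.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed lure: Facebook display name, photo-tag subject, zip attachment.
LURE = """\
From: Facebook <notification@mail.example>
Subject: One of Your Friends added a new photo with you to the album
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/plain

Greetings, One of Your Friends added a new photo with you to the album.
--BOUNDARY
Content-Type: application/zip
Content-Disposition: attachment; filename="photo.zip"

(constructed placeholder, not a real archive)
--BOUNDARY--
"""

# Constructed link-only notification: same branding, no attachment.
LINK_ONLY = """\
From: Facebook <notification@mail.example>
Subject: You were tagged in a photo
Content-Type: text/plain

See the photo: https://www.facebook.com/photo.php
"""

def attachment_names(msg):
    """File names of every MIME part delivered as an attachment."""
    return [part.get_filename() or "(unnamed)" for part in msg.walk()
            if part.get_content_disposition() == "attachment" or part.get_filename()]

def check_notification(raw):
    """Apply the article's tell: Facebook branding plus any attachment."""
    msg = message_from_string(raw)
    display_name, _address = parseaddr(msg.get("From", ""))
    branded = "facebook" in (display_name + " " + msg.get("Subject", "")).lower()
    files = attachment_names(msg)
    return {"claims_facebook": branded, "attachments": files,
            "suspicious": branded and bool(files)}

if __name__ == "__main__":
    for label, raw in (("lure", LURE), ("link-only", LINK_ONLY)):
        print(label, check_notification(raw))
```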

Sophos identified the malware as Troj/Agent-XNN, which arrives as a zip file and is designed to let its distributors grab control of your computer.

This is not the first time in the last couple of months that malware has targeted people by posing as a Facebook photo tag notification. Last month, another malicious email scam purported to bring word of a new photo tag, but instead contained links to sketchy websites.

Just be vigilant. That’s always the advice. If it looks suspicious, it probably is. Check for misspellings, improper grammar, and other oddities. If something tips you off, your best bet is to avoid clicking anything.