Cybercriminals spamvertise millions of bogus Facebook notifications, serve malware

By Dancho Danchev

Recently, cybercriminals spamvertised yet another massive email campaign, impersonating the world’s most popular social network – Facebook.

It was similar to a previously profiled spam campaign imitating Facebook. However, in this case the cybercriminals behind it relied on attached malicious archives, compared to including exploits and malware serving links in the email.

More details:

Sample screenshot of the spamvertised email:

Detection rate for the malicious archive: MD5: 0938302fbf8f7db161e46c558660ae0b – detected by 34 out of 43 antivirus scanners as Trojan.Generic.KDV.753880; Trojan-Ransom.Win32.Gimemo.arsu. Upon execution, the sample opens a backdoor on the infected host, allowing the cybercriminals behind the campaign to gain full access to the affected host.

Webroot SecureAnywhere users are proactively protected from this threat.

If users feel they received a bogus email that may not be coming from Facebook, they can alert Facebook by forwarding the message to In addition, users can check to see if their account has been compromised by visiting

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on  Twitter.

One thought on “Cybercriminals spamvertise millions of bogus Facebook notifications, serve malware

  1. Pingback: Bogus Facebook ‘pending notifications’ themed emails serve client-side exploits and malware « Webroot Threat Blog – Internet Security Threat Updates from Around the World

Join the Conversation

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s