Another Round of Facebook Malware

In case you weren’t aware, facebook seems quite popular.  Due to its 400 million users worldwide, its openness to application developers, and its tendency to connect users based on perceived trust, it has become a very attractive target for criminals.  Once again a piece of malware has taken direct aim at Facebook users, who range from computer experts to computer newbies, seeking to steal their passwords, online personas, personal information, and potentially, their identities.

The email passes itself off as a genuine email from facebook, reporting that they have reset your password and that your new password is enclosed in an attached file.  Facebook will never send you a file containing your password.  Inside the attachment is an .exe program file that infects your computer and can reportedly steal all of your personal passwords.  Not only your facebook password, all passwords.  It is not clear yet if it is a keystroke logger stealing passwords as you type, or if it collects passwords stored on your computer.

McAffee has a virus alert noting that this is “the sixth most prevalent piece of malware targeting consumers in the last 24 hours.”   Don’t open or even click on the attachment if you get one of these emails.  McAffee’s alert states that the malware “becomes active when the user clicks on it”.  Delete the email immediately.