to the Desk main page.
the Urban Legend and SPAM page

"You've got ... .... malware!"

©2011 The Media Desk

      According to the email subject line, the Desk's "Facebook" password had been changed and to get the new password, all it had to do was open the attached file.

      Well. OK. Wonderful. Except for the fact that the email account the message was in was in no way associated with any of its "MyFaceTweetLinkedspacepagein" accounts.

      So. The Desk being The Desk, checked into it a bit further, starting by having the attachment scanned by the mail service's software without either downloading or opening it.

WARNING: ProxyAV has detected a virus in this file! File has been dropped. Virus: "" found!

      Well now, that's a bit of news.... "FB", as it is called, is sending out viruses with its password changes.

      No. Not exactly. First of all, our friend 'Jorik' is a "Trojan", which is malware that's not exactly a virus...

Note Of Clarification.
      'Malware' a malicious program that is installed on a computer with or without the user's consent. Often in the form of advertising (adware) that pops up on the screen long after you've close the browser or moved on but is otherwise benign. However, this code can contain harmful programs as well. In at least one well known case. The adware so installed was nothing more than an attempt to get you to pay a 'virus removal company' to remove the code that they had installed on the machine. Unfortunately this tactic is still being used, often by websites advertised on TV commercials promising to speed up your computer or to check for malware. The program is installed on the victim's machine when they visit the website, then (for only $19.99!) the company 'removes' the danger.
      In the computer world, a 'virus' is a self-replicating bit of malicious code that sends itself out from an infected machine (computer, server, even smart phone) to others through various means, most usually, through email. The virus may simply make copies of itself and email them out and not do anything else, display a link to a phishing website, or it could do something such as filling the machine's memory with garbage or telling the hard drive to destroy itself. But, there is a dark side, which we'll get to in a moment.
      A related type of infective code is the 'worm'. These are self-replicating programs that usually infect networks. Historically, the worms themselves have been an annoyance without doing any real harm to infected machines. The down side is that sometimes the worms aren't by themselves, which we shall see in a moment.
      A 'Trojan', however, isn't self-replicating, and the program itself can be a lot larger and more sophisticated as well. These malware programs can turn the infected machine into a spam-spewing robot, a drone in a network of computers used to attack a target system such as a bank, or just sit in the background and collect every bit of data entered into the system (a 'keylogger') and then send it to its master outside. This type of malware is usually emailed out by the criminals, or their robot networks, to users as an attachment.

      And now to muddy the water.
      Any of the above can carry a 'payload' of code that can also infect the target machine. This is especially true of worms and viruses that open 'backdoors' or unrestricted ports into a computer or server, or punch a hole in a fire wall that allows the bad guys to gain access to an otherwise secure system. And, as a bonus, the 'virus' or 'worm' can replicate itself, and the Trojan, and then deliver the whole package to new machines.
      Now the good news, advancements in the malware sciences have resulted in the ability of these 'bugs' to infect new machines without any action required by the user such as downloading a file or opening an email. Now we have 'drive by' infections. This is accomplished by encoding the malware into the source code of a web page, ad, game, ap, or other unsuspecting, and possibly otherwise innocent, content. This is now seen in applications running on social networks such as the above mentioned "FB".

Moving On....

      Suffice it to say that the spam below was NOT sent by the social network.
      By the header, see below, it was sent by a hijacked machine at a real estate firm (which actually does exist) where somebody probably DID open the attachment and infect their machine with the Trojan, which then sent out copies of itself, and may be collecting the business's banking information and sending it to some criminal someplace.
      Which is why you shouldn't blindly believe everything you see as an email header and mindlessly open the attachment "just in case" or run every ap that is promoted on the social media or through your fancy cell phone.


Email with header below.

Return-Path: lobby(trunicated9@r(deleted)
Received: from 61.102.218. (deleted) by with SMTP; Fri, 15 Apr 2011 02:21:53 -0400
Received: from 61.102.218. (deleted) by mail.r(deleted); Fri, 15 Apr 2011 15:21:31 +0900
Message-ID: <000d01cbfb35$5c500e60$6400a8c0@lobbyth069>
From: "Your Facebook"
To: dr_leftover@some email address or other
Subject: Facebook password has been changed. N74449
Date: Fri, 15 Apr 2011 15:21:31 +0900
MIME-Version: 1.0
Content-Type: multipart/mixed;
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-SmarterMail-Spam: SpamAssassin 7.6 [raw: 7.6], SPF_SoftFail, DK_None
X-SmarterMail-TotalSpamWeight: 17

Dear user.

Your password is not safe!
To secure your account the password has been changed automatically.
Attached document contains a new password to your account.

Thank you,
Your Facebook.


end spam

The Media Desk's Urban Legend and SPAM Info Page

Back to the Desk main page at: