The latest spear-phishing scam doing the rounds uses fake emails from Facebook to trick ordinary folks into downloading malware.

Just last week we learned that a similar tactic was being employed which used WhatsApp to encourage people to download a Nivdort Trojan virus.

Users are greeted by an email with a subject line that reads along the lines of “A brief vocal e-mail was delivered. sele”. The email contains a .ZIP file as an attachment which, when clicked, executes the malware which installs itself on your PC’s “C:\” drive.

The malware then adds itself to the auto-run registry and spreads itself from there, gathering any information it can find and sending it along to the attacker.

Once on your PC, getting a Nivdort Trojan off becomes tricky. By changing the Windows Host file the malware prevents users from accessing websites offering anti-virus software.

Researchers at Comodo Threat Research Lab have said that the similarities between this scam and the one which uses the WhatsApp name mean that the same group of cyber criminals are likely behind it.

“More frequently, they [cyber criminals] are using well-known applications or social platforms and also action-oriented language in the subject lines to entice recipients to open the emails, click the links or attachments and spread the malware”, said director of technology for Comodo Threat Research Lab, Fatih Orhan.

This is a good time to make sure your current anti-virus is up-to-date, and to be a bit more critical of any emails that you receive, especially if they contain attachments. If you’re in any way suspicious of mails in your Inbox, tell your IT support people. 

[Source – Comodo]