Facebook bomb ...

[crabfoot]

Friends, be warned - I have an email message which reads


Dear user of facebook,

Because of the measures taken to provide safety to our clients, your password
has been changed.
You can find your new password in attached document.

Thanks,
Your Facebook.

This is evidently bogus, because I am not on Facebook - and I am fairly certain that the attached zip file contains a bomb. Over 50k for a couple of sentences?

Watch out for this one ... it came straight in to my email inbox, dodging the spam filters. The email must have been harvested from a site privacy policy, that is the only place where it is public. Hmm ...

 

[crabfoot]

I'm bumping this because they sent me another one - both contain nasty Trojans. Don't get caught out!

At least it has prompted me to learn about email scrapers ...

 

[bensd]

I've had a few of these over the last couple of weeks.

Hopefully it won't catch too many people out.

 

[mat]

When will facebook hurry up and die?? Its a pain.

 

[aZooZa]

I took a look - no ASCII clues in the .exe file at all - just the normal compilation stuff at the EOF:

0000dc10  d2 12 02 00 00 00 00 00  4b 45 52 4e 45 4c 33 32  |........KERNEL32|
0000dc20  2e 44 4c 4c 00 43 4f 4d  43 54 4c 33 32 2e 64 6c  |.DLL.COMCTL32.dl|
0000dc30  6c 00 4d 53 56 43 52 54  2e 64 6c 6c 00 6f 6c 65  |l.MSVCRT.dll.ole|
0000dc40  61 75 74 33 32 2e 64 6c  6c 00 73 68 6c 77 61 70  |aut32.dll.shlwap|
0000dc50  69 2e 64 6c 6c 00 00 00  4c 6f 61 64 4c 69 62 72  |i.dll...LoadLibr|
0000dc60  61 72 79 41 00 00 47 65  74 50 72 6f 63 41 64 64  |aryA..GetProcAdd|
0000dc70  72 65 73 73 00 00 56 69  72 74 75 61 6c 50 72 6f  |ress..VirtualPro|
0000dc80  74 65 63 74 00 00 56 69  72 74 75 61 6c 41 6c 6c  |tect..VirtualAll|
0000dc90  6f 63 00 00 56 69 72 74  75 61 6c 46 72 65 65 00  |oc..VirtualFree.|
0000dca0  00 00 45 78 69 74 50 72  6f 63 65 73 73 00 00 00  |..ExitProcess...|
0000dcb0  50 72 6f 70 65 72 74 79  53 68 65 65 74 57 00 00  |PropertySheetW..|
0000dcc0  66 72 65 65 00 00 56 61  72 69 61 6e 74 49 6e 69  |free..VariantIni|
0000dcd0  74 00 00 00 53 74 72 43  61 74 57 00 00 f0 01 00  |t...StrCatW.....|
0000dce0  0c 00 00 00 72 34 00 00  00 00 00 00 00 00 00 00  |....r4..........|
0000dcf0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
0000de00  00 10 00 00 0c 00 00 00  ca 39 00 00 00 30 00 00  |.........9...0..|
0000de10  0c 00 00 00 7d 3f 00 00  00 40 00 00 10 00 00 00  |....}?...@......|
0000de20  64 32 f2 32 10 36 00 00  00 50 00 00 0c 00 00 00  |d2.2.6...P......|
0000de30  6b 31 70 31 00 70 00 00  34 00 00 00 77 34 89 34  |k1p1.p..4...w4.4|
0000de40  f4 34 42 35 02 36 47 36  6d 36 83 36 dd 36 f1 36  |.4B5.6G6m6.6.6.6|
0000de50  57 38 1e 3a 93 3b 9b 3b  d2 3b ff 3b 33 3c 9b 3d  |W8.:.;.;.;.;3<.=|
0000de60  7f 3e 34 3f 3c 3f 69 3f  00 80 00 00 30 00 00 00  |.>4?<?i?....0...|
0000de70  31 30 33 31 6f 31 e3 32  d0 34 f1 35 f9 35 01 36  |1031o1.2.4.5.5.6|
0000de80  2f 38 d7 38 1a 39 2c 39  d1 39 09 3b 50 3b a7 3b  |/8.8.9,9.9.;P;.;|
0000de90  9e 3c d2 3c 00 3f 05 3f  00 00 00 00 00 00 00 00  |.<.<.?.?........|
0000dea0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|