Facebook 'account cancellation' email hides malware

Facebook users were warned Tuesday (Wednesday, PHL time) against a new malware disguised as an email asking them to confirm if they want to cancel their accounts. Computer security firm Sophos said the email, which claims to be from Facebook, alleges to have received an account cancellation request from the prospective victim. It provides a link to "confirm or cancel" the supposed request, but the link leads to a third-party app running on Facebook's platform, Sophos said. "Of course, that means that the link *does* go to a facebook.com address - something might fool those who are not cautious," Sophos warned. Users who clicked on the link will see a message asking them if they want to allow an unknown Java applet to run on their computers. "And it seems they're pretty insistent that you allow it.. If you hit the 'No thanks' button they'll just carry on pestering you to allow the Java applet to run," said Sophos, which also acknowledged that the social engineering being used by the tricksters behind this malware attack is "pretty cunning." "They know that people value their Facebook accounts highly, and many would be upset to lose access to them and the digital connections they have built up with friends and family," it continued. Cybercriminals apparently hope victims will blindly agree to whatever the computer tells them to do, to "fix" the account cancellation request. Allowing the applet to run will then lead to a message claiming Adobe Flash must be updated. "Of course, the code that is downloaded is not really Adobe Flash at all. Instead, the program drops additional files into your /WIN32 folder, which have the intention of allowing remote hackers to spy on your activities and take control of your computer," Sophos pointed out. Sophos said its security products detect the malware as Mal/SpyEye-B and Troj/Agent-WHZ, and block access to the website hosting the dangerous code. - AMD, GMA News