People ask me many times how are the bad guys using Facebook to distribute malware. Even though there are multiple answers to that question, at the end of the day Facebook is just another way to communicate, and it has more that 400 million users, so it’s just another mean of transmission, as e-mails have been for a while.

What happens is that people is more confident in links they receive through Facebook than in the ones received via e-mail. And in some cases you can easily understand that. This is a real life example of a message that is circulating today in Facebook. You get this message in your inbox (translated from Spanish):

Adriana sent you a mesage

Subject: your photo

“Hi, is this you in the photo? http://www.facebook.com/l/8daf9;descargar68898201xxxxxxxxxxxxx/id735rp/
Good luck!!!!!”

If you click on the link, you will see the following message, where Facebook warns you :

facebook1

A regular user will click on “Continue” anyway. The screenshot is in Spanish, as this attack targets Spanish Facebook users:

facebook2

You are not in the real Facebook, but it looks like the real one, and even the URL is not that different, so the average joe user will go ahead. Of course, if you enter your real data you will be phished. But this is not all, after you enter your data and click on “Entrar”, you are redirected to another website, and the following message will pop up:

facebook3

The file that you are prompted to download is called “update.exe”. It is a banking Trojan, detected as Trj/Sinowal.WVM.

The best advice for these cases is the same we give on the e-mail: just delete any unsolicited message. And in case that the message is from a real contact, before clicking on any external link confirm with the sender that he’s really sent you that message.