It is good practice to tell someone you are going to send them an e-mail with an attachment. If we all did that, hackers wouldn’t have so much success sending e-mails with attachments.

And now, on to another point. The Avira Antivir anti-virus I use didn’t detect the malware that was inside the file, which is disturbing. The zip file is configured to auto-execute an .exe file inside it, named Facebook_password_<random characters>.exe.

Yes, you guessed it, it’s malware and it’s NOT from Facebook.

If you get an e-mail that tells you your password has been changed and your password is in the file attached to the e-mail, it’s a virus, worm or some other form of malware intended to get control of your computer, steal your data or do something else dreadful.

After I uploaded the attachment, here’s what the Avira website shows:


We received the following archive files:

File ID    Filename                   Size (Byte)   Result
25649067   Facebook_password…74.zip   50.09 KB      OK

A listing of files contained inside archives alongside their results can be found below:

File ID    Filename                   Size (Byte)   Result
25647098   Facebook_password…74.exe   56 KB         UNDER ANALYSIS

Please find a detailed report concerning each individual sample below:

Filename                   Result
Facebook_password…74.exe   UNDER ANALYSIS

The file ‘Facebook_password_35374.exe’ has been determined to be ‘UNDER ANALYSIS’.


After analysis, Avira identified this as a variant of the Sasfis Trojan, so yes, indeed it was malware and absolutely NOT a message from Facebook.  They quickly drafted a new virus definition file (v7.10.06.56) and released it within 24 hours of my uploading the file to them.

http://www.symantec.com/security_response/writeup.jsp?docid=2010-020210-5440-99&tabid=2
