The next time Facebook sends you an email about a friend tagging you in a new picture, be cautious — it could be a trap. A new strain of malware identified by security firm Sophos as Troj/Agent-XNN has been circulating the social networking site, encouraging members to view photos as an attachment. After clicking on the infected link — which is disguised as a Facebook notification email — a ZIP file containing malware allows hackers to gain control over Windows-operated computers.
Although Facebook email notifications typically tell you which friends tagged you in a picture, this malware campaign states “one of your friends added a new photo with you to the album.” Here is a look at what the fake email message looks like.
This isn’t the first time spammers have used Facebook tagging to lure unsuspecting members. In July, SophosLabs detected another email circulating that did not contain attachments, but linked to compromised websites. These sites aimed to attack computers with the Blackhole exploit kit.