Security experts from the M86 Security Labs team have recently intercepted another spamvertised malware campaign that uses fake notifications from Facebook as a social engineering element.
Spamvertised via the Cutwail botnet, this new malware campaign impersonates Facebook and tries to convince users to click a fake notification message that purports to come from Facebook. The HTML source of the email contains a link to a highly malicious iFrame, which leads to a BlackHole exploit kit. Once a user clicks the link, the exploit kit checks for any remotely exploitable client applications or browser plugins and proceeds to deliver the malware.
It goes without saying, but Internet users are encouraged not to interact with spam emails or click any links unless they are certain of their origin.
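For mail filtering, the link-origin check behind that advice can be automated. The following is an added example, not code from M86 Security Labs: it parses the HTML body of a message that claims to be a Facebook notification and reports every web link whose host is not under facebook.com. The trusted-domain list and the sample message are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the only hosts accepted as genuine for a Facebook notification.
TRUSTED_SUFFIXES = ("facebook.com",)

def is_trusted(host):
    """True only for the trusted domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

class AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in the body."""
    def __init__(self):
        super().__init__()
        self.anchors = []
        self._open = None  # [href, text] of the anchor currently being read

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self._open = [href, ""]

    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.anchors.append((self._open[0], self._open[1].strip()))
            self._open = None

def suspicious_links(html_body):
    """Return (host, link text) for web links that leave the trusted domain."""
    parser = AnchorCollector()
    parser.feed(html_body)
    parser.close()
    findings = []
    for href, text in parser.anchors:
        if not href.lower().startswith(("http://", "https://", "//")):
            continue  # mailto:, tel:, fragments: not a web destination
        host = urlsplit(href).hostname
        if not is_trusted(host):
            findings.append((host, text))
    return findings

# Constructed sample body; the look-alike host uses the reserved .example TLD.
SAMPLE = """<html><body><p>Hi, you have 1 new notification.</p>
<a href="https://www.facebook.com/help">Help</a>
<a href="http://facebook.com.notifications.example/view.php">View on <b>Facebook</b></a>
<a href="mailto:support@example.test">Contact</a></body></html>"""
```

Matching on a leading dot plus the domain, rather than a plain substring, is what keeps look-alike hosts such as the one in the sample from passing.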