Fake Facebook photo notifications carry malware

Fake Facebook notifications informing users that a friend has posted a new photo of them on the social network have been spotted hitting inboxes around the world.

The emails try to emulate the general look of notifications sent out by Facebook, and are titled “Your friend added a new photo with you to the album”.

The recipient is purportedly being contacted because he or she has been “listed as close friend”, and is urged to view the photo in the attachment.

Unfortunately, the attached New_Photo_With_You_on_Facebook_PHOTOID[random].zip file contains a piece of malware detected by Sophos as Troj/Agent-XNN.

The malware is a backdoor Trojan that copies itself to C:\Documents and Settings\All Users\svchost.exe, then adds itself to the Windows registry in order to be run every time the PC is booted.
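The two indicators described above (the attachment name, and a svchost.exe running from outside the Windows system directories) can be checked with a short triage script. This is an added example, not code from Sophos or the original article; the event record layout, the assumption that Windows is installed in C:\Windows, and the treatment of "[random]" as any run of characters are all assumptions made for illustration.

```python
import ntpath
import re

# Attachment name from the article; "[random]" is assumed to be any run of
# characters before ".zip".
ATTACHMENT_RE = re.compile(r"^New_Photo_With_You_on_Facebook_PHOTOID.*\.zip$", re.IGNORECASE)

# Directories where a genuine svchost.exe lives (assumes Windows in C:\Windows).
LEGIT_SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def is_lure_attachment(filename):
    return bool(ATTACHMENT_RE.match(filename))


def is_masquerading_svchost(image_path):
    """True when a file named svchost.exe sits outside the system directories."""
    directory, name = ntpath.split(image_path.strip().strip('"'))
    if name.lower() != "svchost.exe":
        return False
    return ntpath.normpath(directory).lower() not in LEGIT_SVCHOST_DIRS


def triage(events):
    """Return (event, reason) pairs for records matching either indicator."""
    hits = []
    for ev in events:
        if ev["type"] == "mail_attachment" and is_lure_attachment(ev["value"]):
            hits.append((ev, "attachment name matches the fake-notification lure"))
        elif ev["type"] in ("process_start", "autorun_entry") and is_masquerading_svchost(ev["value"]):
            hits.append((ev, "svchost.exe outside the Windows system directories"))
    return hits


# Constructed sample records (hypothetical schema, not real telemetry).
SAMPLE_EVENTS = [
    {"type": "mail_attachment", "value": "New_Photo_With_You_on_Facebook_PHOTOID12345.zip"},
    {"type": "mail_attachment", "value": "holiday_photos.zip"},
    {"type": "process_start", "value": r"C:\Windows\System32\svchost.exe"},
    {"type": "process_start", "value": r"C:\Documents and Settings\All Users\svchost.exe"},
    {"type": "autorun_entry", "value": r'"C:\Documents and Settings\All Users\svchost.exe"'},
]

if __name__ == "__main__":
    for ev, reason in triage(SAMPLE_EVENTS):
        print(f"{ev['type']}: {ev['value']} -> {reason}")
```

The path check is deliberately generic: it flags any svchost.exe outside the system directories, so it also catches copies dropped somewhere other than the location named in the article.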