Facebook users targeted by fake AV

Facebook users are once again in danger of getting their computers compromised as a new spamming campaign urging them to update their account agreement is currently under way.

Panda Labs has already received 16,000 emails since yesterday, and that is probably just the tip of the iceberg.

This is what the e-mail looks like:


It tries to scare the users into downloading the attached agreement.zip, saying that if they don”t update their account agreement, their account will be restricted.

If you do as you”re told, and you unzip and run the executable, you”ll become the owner of your very own rogue AV solution by the name SecurityTool.

Apart from displaying constant warnings about your computer being infected, SecurityTool will also restart it, prevent the running of .exe files and leave the screen blue so that you can”t work with it.

This last claim seems unlikely to me. Presumably, it allows you to pay for the solution? If it doesn”t, what”s in it for the authors?

In any case, Facebook users should do well to remember that any such changes or updates are never sent by mail but published in their personal account.