Beware: Trojan Disguised As A Facebook Email On The Loose [Updates]


If you’ve received an email from Facebook telling you about a new photo you were tagged in, be extra careful. As first discovered by Sophos, a fake email that’s going around urges people to open the included attachment, claiming it contains a new photo you’ve just been tagged in on Facebook. It makes the proposition even more tempting by claiming the tagger has listed you as a “close friend”.

The email comes complete with Facebook’s blue colors and familiar design, as you can see in the screenshot below from Sophos, so that despite the suspicious text, those who don’t bother to read it can easily be duped into clicking the attachment. The attachment itself has been identified as Troj/Agent-XNN, which disguises itself as a Sun Java updater, and runs every time you boot your PC.

The email reads:


One of your Friends has added a new photo of you to the album.

You are receiving this email because you’ve been listed as a close friend.

[View photo with you in the attachment]

While this email is easily identified as spam when you put your mind to it, we don’t always bother to do so when receiving emails from Facebook. It’s worth it, however, to pay close attention, and at least check who the email is really coming from. In this case, the From address is <>. This can change from email to email, but looking at it closely, the address is obviously a fake.
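As an added example (not from the original article or from Sophos): a short Python triage that goes beyond eyeballing the From address, since that field can be forged, and also reads the receiving server's Authentication-Results header and lists any attachments. The sample message, the allow-listed sender domains and the function name `triage` are assumptions made for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

# Assumption: domains accepted as genuine senders of Facebook notifications.
EXPECTED_DOMAINS = {"facebookmail.com", "facebook.com"}

# Constructed sample message (not the real email described in the article).
SAMPLE = """\
From: Facebook <notification@faceb00k-mail.example>
To: user@example.org
Subject: Your friend added a new photo of you
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=faceb00k-mail.example; dkim=none
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

View photo with you in the attachment
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="New_Photo_With_You.zip"
Content-Transfer-Encoding: base64

UEsDBA==
--b1--
"""

def triage(raw):
    """Return a list of warning signs found in one raw email message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    # 1. Visible From address: cheap to check, but trivially forged.
    _, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    if domain not in EXPECTED_DOMAINS:
        findings.append("from-domain-unexpected:" + domain)
    # 2. Verdicts recorded by the receiving mail server (SPF, DKIM, DMARC).
    auth = str(msg.get("Authentication-Results", "")).lower()
    for mech in ("spf", "dkim", "dmarc"):
        if mech + "=pass" not in auth:
            findings.append(mech + "-not-pass")
    # 3. Notification mails that carry an attachment deserve a second look.
    for part in msg.iter_attachments():
        findings.append("attachment:" + (part.get_filename() or "unnamed"))
    return findings
```

A message whose From line shows an expected domain still gets flagged when the authentication verdicts are missing or failing, which is the case where looking at the address alone is not enough.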


Source: Sophos

Image credit: Trojan image via Shutterstock


19 Comments


Kundan Bhardwaj

Not again, some months ago, if you remember, there was a JavaScript trick for Facebook in which if you clicked it all your friends were sent that URL as you got it. In today’s time we have to be careful over the internet, it is very dangerous out there.


April Eum

I assume this is why I also have spam comments and messages.



I can’t believe it


Kaashif Haja

I hear from my friends that their accounts have been hacked.
Well, I have to be careful then..



Thnx for this info…


Ruben Marrero




thanks for that info..


Quebec Twosix

The use of “Social engineering” to deliver a computer infection is not anything radically new, but it is fantastically effective. The best thing is that people will click upon the link, and then openly refuse to accept their stupidity. For clicking on a link of an IM or E-Mail where someone you don’t know, and have never met, states that “they have a photo of you” is stupid.

Sadly we are now in the era of global social media, where people no longer count their friends upon their fingers, but in the 1,000’s because they are listed as such in the social application. The more friends means that you are more popular & after all these are truly global friends.

Enter the point, where years ago following a fairly significant virus outbreak within a global company I publicly lambasted the head of security for clicking on a link of a message stating that “here is a new photo of your mother I have”, from a person who he had never met; nor would his mother. He clicked the link because it came from a trusted source.

A trusted source is the issue, because the offending message was delivered through the corporate portal and therefore should be considered trustworthy – point taken, hummm pause for thought.

Maybe it’s not a case of “stupidity”, but trust, and the less well informed will inevitably click on the link, and then be faced with a java update that will reboot the computer and install a virus.

Hopefully, the mail in question will arrive as spam, and will quickly be eradicated; but we all live in hope

Yaara Lancet

Thank you for this elaborate comment! I agree, the lines between someone we know and trust and someone we don’t know have become blurred, at least more so than they were a few years ago. I make a conscious effort to only add Facebook people I actually KNOW.

But yes, it’s surprising how quick people are to trust links because of their source. A while back my friend’s MSN account got hacked, and I kept receiving weird links from her. I never clicked them, but I do wonder how many of her friends did.

Randy Thiesen

Having a GOOD up to date antivirus or security suite definitely helps matters when it comes to staying safe on these sites.


Igor Rizvi?

Thanks for the useful information!


Nikhil Pandey

You can also get spam mails from any email. It’s possible. I pranked my friend by sending a mail from which worked and there were no traces. See how to do Here

Yaara Lancet

Yes, it’s definitely possible. Looking at the “from” address is just one way to determine what’s spam or not. There are many other signs.

Nikhil Pandey

Using the method above, the from seems to be original. It’s not possible to determine whether it’s spam or not.


Heidi Smith

Thanks, great work letting us know!


Teodoro Villamarzo

The more we know, and are reminded of, the more we can practice safe internet browsing. Thanks, Yaara, for this warning.


Shahzad Billimoria

cool beans


Kp Rao



Arup Ghosh

Facebook should take care of this kind of stuff.
