Capitalizing on the popular social networking site, attackers spoofed the domain facebookmail.com, the official domain used by Facebook for outbound e-mails when alerting users about an upcoming event. Initially, the attack is implemented as a message that appears to be from a Facebook member, claiming that they're adding the user as a network "friend." However, the fake e-mail also includes a zip attachment that claims to contain an image, and encourages the victim to double-click on it. In reality, the image contains a Trojan horse that is designed to install malware on the user's computer.

A Facebook login page is also included in the body of the e-mail, giving the spam message a greater appearance of legitimacy. Websense Security Labs, which first discovered the social engineering spam campaign, said in blog post that they would "not be surprised" if login page was distributed as a fake front to a phishing site.

In addition, an examination of the HTML form source code indicated that the phishing site was in actuality passing the user name/password to Facebook itself, possibly to give it increased authenticity or to circumvent reputation-based spam filters, Websense researchers said.

In recent months, Facebook has increasingly become a target for phishers and malware writers as its marketshare increased. Security researchers discovered a similar malware campaign targeting Facebook members, which circulated in June. The socially-engineered phishing message also enticed users by posing as an "add friend" invitation, but included a link that led victims to a malware-distributing Web site.