Cyber criminals continue to use the popular social networking site Facebook as bait to lure users.

A new threat follows the phishing operation that we blogged about just two weeks ago.

This current Facebook threat begins with the following spammed email message:

This bogus message tells recipients that a friend has added them to their social networking circle. Besides using a legitimate email address, the perpetrators also copied the format of the legitimate Facebook page.

All of the links found in the message body lead potential victims directly to the legitimate Facebook site, with the exception of the login button, which draws a blank page because of an intentionally incorrect URL format.

Potential victims who think the attachment reveals “their mysterious friend” may actually be tricked into opening it.

The attached .ZIP file supposedly contains a photo, but when unzipped it contains an executable named picture instead.

The .EXE file is a worm which Trend Micro detects as WORM_AUTORUN.EAT.

Interestingly, two notable worms (WORM_KOOBFACE.E and WORM_KOOBFACE.D) used Facebook a month ago in their propagation routines. The popularity of social networking sites clearly makes them a target for cyber criminals who are intent on infecting more users.

The Trend Micro Smart Protection Network already blocks the spammed email message before it reaches the inboxes of our users. It also detects WORM_AUTORUN.EAT at the desktop level and provides solutions for the removal of the worm. Web users are advised to refrain from downloading attachments in unexpected email messages, as these attachments may prove harmful to their systems.