According to Emsisoft, fraudulent emails with the subject, “Kaamil Mahmoud wants to be friends on Facebook,” trick users by directing them to a fake website instead of the original Facebook website. When recipients of this message click “Confirm Friend Request,” they are taken to a fake Facebook page.
The fake Facebook page shows the message, “Your version of Macromedia Flash Player is too old to continue. Download and install the latest version of Adobe Flash Player”. By clicking on “Download and Install,” the browser will download a malware file named updateflash.exe containing the Zeus trojan.
Not executing the file does not necessarily mean escaping the infection. The page will also load another address in the background including an exploit script.
Emsisoft advises people to update their operation systems and applications regularly especially security programs. They also advise opening friend requests through the Facebook page manually versus through email.