Here’s how it works.
If you get an email saying that a friend has uploaded a new photo of you, don’t click on it. Instead, head over to Facebook directly to verify it. If you don’t see a notification on Facebook itself, the email is the virus.
A new strain of malware identified by security firm Sophos as Troj/Agent-XNN has been circulating on the social networking site, encouraging members to view photos as an attachment. Once a user clicks on the infected link, which is disguised as a Facebook notification email, a ZIP file containing malware allows hackers to gain control over Windows computers.
The Next Web also says the emails come with an image that looks a lot like a Facebook email.
As usual, don’t click on attachments in email that you aren’t expecting. You know, EVER.