A new password-stealing spam e-mail spread globally last week, putting the more than 400 million Facebook users worldwide at risk.

The e-mail, which appeared to be sent from Facebook, warned users their password was changed because of security reasons and provided an attachment with the new password. Once opened, the attachment installs password-stealing malware that can access all username-password combinations in the system, according to the McAfee Security Insights Blog.

The ITS Help Desk in Middleton Library said they had not yet received any reports from students affected by the spam.

The spam is suspected to be sent by botnets — hacker-controlled malicious computers — named Cutwail and Rustock, according to an article by PCWorld Business Center.

Ren Simmons, business senior and ITS Help Desk analyst, said students should look for indicators of spam mail.

“Usually, I look at the domain name, which would be Facebook.com,” Simmons said.

The suspicious e-mails would have different domain names, he said. He also said students should delete any suspicious e-mails without opening them.

The McAfee blog said poor grammar and awkward greetings, such as “Dear user of Facebook,” are also indicative of spam.

Most spam e-mail attachments contain some form of malware, which installs unwanted programs in the system without the user’s consent, said Jian Zhang, computer science assistant professor.

He said malware is designed to gain remote access to the user’s computer.

“Normally, they are disguised as useful applications,” said Rajgopal Kannan, computer science associate professor. “People click them, and they turn out to be bad.”

He also said malware spreads through social networking sites because of their popularity and large user bases.

Web sites allowing users to watch online movies or videos also pose a risk to computers.

Zhang suggested students take precautions while viewing e-mails and Web sites.
He said students should frequently run automatic updates on their computer.

“Malwares are evolving and so are the defenses against them,” Kannan said. “One can’t write a generic defense against all future malwares.”

Zhang said users must be certain about the authenticity of the sender.

“Before you view the mail, ask yourself, ‘Do I trust the sender?’ If anything seems suspicious, just don’t view it,” Zhang said.

Once the malware hacks into the system, it has the same access privileges as the user, Kannan said. He suggested students browse Web sites from an additional “guest” account with fewer privileges.

He also suggested students try using University computers to view e-mails instead of their laptops.

“The e-mails coming there are cleaned by the system administrator,” he said. “The risk goes into the computer instead of the laptop.”

----

Contact Sumit Kumar at [email protected]
New Facebook spam steals user passwords
March 23, 2010