Websense Security Labs reported yesterday that its malware detection system has discovered a rise in emails posing as Facebook friend requests that actually contain attachments with Trojan horses.

The email’s domain is spoofed to appear from facebookmail.com, the domain Facebook uses for real email notifications, and the form elements in the email actually lead to Facebook.com, not a phishing site. The email is purely an attempt to get users to open the .zip file, purportedly from a friend, which ends up installing malicious code on the user’s machine. According to the report,

It is common for Facebook to send an email to notify their users when another Facebook user adds them as a friend on the social network. However, the spammers included a zip attachment that purports to contain a picture in order to entice the recipient to double-click on it. The attached file is actually a Trojan horse.

Of course, most anti-virus and spam-detection systems will pick up this old-school method of distributing malware. However, reports like this show that spammers are increasingly making use of social engineering approaches to increase open rates of malicious attachments for those emails that do get through.