As you know, Facebook normally blocks the exchange of executable files and does not allow attaching executables to messages to prevent the risk of malware. However, security blogger Nathan Power reports that after adding the space to the end of a filename it has been possible to avoid this restriction and send messages not only to your contacts. Of course, after being notified Facebook fixed this problem immediately but still denies that this fix was necessary.
The statement from Facebook announces that users have never been at the risk of malware because there is more than one security layer which protects people from being infected unnoticeably for the victim. In addition, they claim that Facebook Messages has antivirus protection that scans every message for malware and malicious links. However, they claim that they spent some time for the further investigation and determined which scenarios were behaving undesirably.
Emails with malicious executables seem to be one of the most popular ways to attack unaware users. By tricking users into opening them, vulnerable systems can get infected very easily what additionally leads victims to data loss, identity theft or unexpected money transfer from their bank accounts. We highly recommend avoiding opening suspiciously looking emails and the ones that come from people you don’t know.