The popularity of the social network Facebook is once again being abused to spread malware via email. The spam mails arrive with the subject “Facebook password has been changed. ID” and contain a ZIP archive as an attachment.

Inside the ZIP is a file named “Facebook_Document.exe”, which tries to look harmless by using the icon of a Microsoft Word document.
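A mail-gateway style check for the attachment described above, as an added example that is not from the Avira post: it opens a ZIP in memory and flags members that start with the PE magic bytes or carry an executable extension, and notes when the name reads like a document. The extension and keyword lists, the function names and the sample archives are assumptions constructed for illustration.

```python
import io
import zipfile

# Extensions Windows runs directly (assumed list for this example, not from the article).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com"}
# Substrings that make a file name read like a document (assumed heuristic).
DOCUMENT_HINTS = ("document", "doc", "invoice", "password", "pdf")


def suspicious_zip_entries(zip_bytes):
    """Return (name, reasons) for each ZIP member that looks like a disguised executable."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            lower = info.filename.lower()
            with zf.open(info) as member:
                is_pe = member.read(2) == b"MZ"  # DOS/PE magic bytes
            ext = "." + lower.rsplit(".", 1)[-1] if "." in lower else ""
            reasons = []
            if is_pe:
                reasons.append("PE header")
            if ext in EXECUTABLE_EXTS:
                reasons.append("executable extension")
            # Only meaningful once the member already looks executable.
            if reasons and any(hint in lower for hint in DOCUMENT_HINTS):
                reasons.append("document-like name")
            if reasons:
                findings.append((info.filename, reasons))
    return findings


def build_sample_zip(members):
    """Build an in-memory ZIP from {name: bytes}; used only for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: harmless placeholder bytes, not real malware.
LURE_ZIP = build_sample_zip({"Facebook_Document.exe": b"MZ" + b"\x00" * 62})
CLEAN_ZIP = build_sample_zip({"notes.txt": b"meeting at 10"})

if __name__ == "__main__":
    for name, reasons in suspicious_zip_entries(LURE_ZIP):
        print(f"{name}: {', '.join(reasons)}")
```

Checking the header bytes as well as the extension means a renamed executable inside the archive is still flagged. Password-protected archives cannot be read this way and need separate handling.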

When the file from the ZIP attachment is executed, the backdoor downloads a Microsoft Word document and opens it if Microsoft Word is installed.

The document consists of only a few words and does not contain any further malicious content. The victim will think that the document is the only thing that was opened and that it shows the new Facebook password. In the background, however, a fake antivirus called “Microsoft Security Essentials” is downloaded and installed on the computer. This is, of course, not the real MSE software from Microsoft.

Avira protects its customers from this threat and added detection for the backdoor as BDS/Bredolab.B and for the fake antivirus as TR/FakeAV.gba, starting with VDF version 7.11.1.175.
Thomas Wegele
Virus Researcher
Full story: Avira – TechBlog
Posted on 21 January 2011. Tags: Bredolab, Facebook, Fake, mails, Malware, Spammed