We’ve already seen spam campaign theme that uses one of the famous Social Networking sites, Facebook. Like, Facebook Password Reset Confirmation, New login system, and Facebook updated account agreement.
CA ISBU came across an active spam email campaign containing a malware as file attachment, as seen on [Figure 1]. The spam mail informs the recipient that their password is not safe and it has been changed automatically by Facebook. It requires recipients to check the attachment containing the new password.
[Figure 1 - Fake Facebook email]
The email contains the Subject: Facebook. The new password to your account. N8601
The email contains the Body:
——————————————————————————————————–
Dear user of FaceBook.
Your password is not safe!
To secure your account the password has been changed automatically.
Attached document contains a new password to your account and detailed information about new security measures.
Thank you for attention,
Your Facebook
——————————————————————————————————–
Other emails may contain the following Subjects:
- Facebook password has been changed.
- Facebook Support. Personal data has been changed! ID#####
- Password has been changed. ID####
The email contains a malicious zipped file attachment with the filename New_Password_IN#####.zip and New_Password_NU####.zip. This file is detected by CA as a Win32/Bredolab variant.
***where ##### is 4 or 5 random number.
Again, we advise users to beware of these kinds of emails, avoid executing attachments coming from unsolicited emails and ensure that your CA Security Products are updated with the latest signatures.
Related Posts
- Facebook’s two-factor authentication announcement raises questions
Amid mounting criticism of Facebook's attitude to its users' privacy and safety, the social network has announced that it is introducing a two-factor authentication system in an attempt to prevent una... - “Facebook Support. Your password has been changed!” contains trojan
MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Facebook Support. Your password has been changed! ID09687″. Note that the nu... - Facebook flaw allowed websites to steal users’ personal data without consent
A couple of weeks ago two students conducting security research contacted me about a vulnerability which they believed they had found with Facebook.
Rui Wang and Zhou Li said that they had found a vu... - Email with new password from Facebook Support contains trojan
MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the message that your facebook account has been blocked because of spam that was sent from your accou... - Report Says Facebook Apps Share Personal Data With Advertisers
A report in today's Wall Street Journal finds that many Facebook applications have been transmitting Facebook user id (UID) data to advertisers in violation of Facebook policy and, in some ca... - New Oficla trojan in emails with subject “Your facebook password has been changed”
MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Your facebook password has been changed″
The email is send from the spoofed address “You... - The New York Yankees and DSLReports.com responsible for 30,000 more data loss victims
This message may repeat. This message may repeat. For those of us old enough to have fond memories of the phonograph, the phrase "broken record" may come to mind.Yes, more user information has been le... - Why you shouldn’t reveal your Royal Wedding Guest name on Facebook
In the absence of a genuine ticket to the real event, Facebook users are encouraging each other to reveal their Royal Wedding Guest name.Here's a typical message that is currently being spread by well... - Sony says credit card details *were* encrypted, but questions still remain
Sony has published a new blog entry, confirming that credit card details which could have been stolen in the recent hack of the PlayStation Network were encrypted.Sony reassured users of the PlayStati... - Anger after scam-exposing community shut down by Facebook
In a bizarre and hard-to-understand move, a Facebook page which claims it helped countless Facebook members stay safe online on the social network has been shut down... by Facebook.
The Bulldog Estate...
Posted on 14 April 2011. Tags: *NEW*, account, been, Changed, Data, Facebook, has, ID####, N8601, New_Password_IN#####.zip, New_Password_NU####.zip, password, Personal, support, the..., to..., Win32/Bredolab, your
The above information is reprinted from and copyrighted © by CA Security Advisor Research Blog.
