Facebook users are once again under attack. A new variant of Bredolab Trojan is spreading through spam email messages appearing to come from Facebook.
The messages pretend to come from the “The Facebook Team”, while the real SMTP from address is in fact spoofed. However, an attached archive file containing an executable file may infect users with a Trojan horse.
The following is an example of the spammed email messages:
|
Subject: Facebook Password Reset Confirmation.
Hey andi ,
Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.
Thanks,
The Facebook Team
|
The attachment may come with the following name:
Facebook_Password_3db40.zip
or
Facebook_Password_[5 random characters].zip
This Bredolab Trojan downloads and executes further malware files on the affected machine such as rogue anti-virus software, and in order to bypass firewalls, it injects its own code into legitimate processes svchost.exe and explorer.exe.
View full post on AIRC Blog
Related Posts
- Facebook Password Reset Confirmation Spams
Be careful of the new round of spams about Facebook Password Reset Confirmation. From: The Facebook Team <service@facebook.com>Subject: Facebook Password Reset Confirmation.Mail body:Hey gt ... - Email with new password from Facebook Support contains trojan
MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the message that your facebook account has been blocked because of spam that was sent from your accou... - Fake Facebook password reset leads to rogue AV
There is no stopping the abuse of social networking sites and an endless reign of social engineering tactics in email campaigns, be it spam or malicious. Facebook seems to be a favourite fo... - Amazon orders and email confirmation leads to PDF malware
Since last week, MX Lab intercepts emails with requests to confirm your email address or orders processed by Amazon. This campaign has been received in quite large quantities and we have been investig... - Facebook scammers go back to using Javascript
Facebook scammers know that in order to keep users falling for their scams, they have to use a variety of approaches. For example, there was a time where rogue applications were the scammers' preferre... - 500 free credits from Facebook – malware
There's no such thing as a free lunch - or free Facebook credits. As proof consider the attack described below which has several stages:1) Users get messages with o... - Facebook’s two-factor authentication announcement raises questions
Amid mounting criticism of Facebook's attitude to its users' privacy and safety, the social network has announced that it is introducing a two-factor authentication system in an attempt to prevent una... - Spam from your Facebook account? Malware attack poses as official warning
Cybercriminals are adopting a new disguise, following last week's "Facebook password changed" malware attack.
Computer users are discovering malicious code has been sent to their email inboxes, preten... - An open letter to Facebook about safety and privacy
Dear Facebook,
As you know, for some years we have been discussing with your security team our concerns about safety and privacy on Facebook.
Every day, victims report to us numerous incidents of crim... - Facebook Password Has Been Changed…NOT!
We've already seen spam campaign theme that uses one of the famous Social Networking sites, Facebook. Like, Facebook Password Reset Confirmation, New login system, and Facebook updated account agreeme...
Posted on 05 May 2010. Tags: Confirmation, Email, Facebook, Malware, password, Reset, Spreading
I LOVE JUSTIN BIEBER!