New Bredolab variant targets Facebook users

MX Lab intercepts a new Bredolab trojan variant disguised as an email from Facebook, sent from the spoofed email address The Facebook Team <change@facebook.com>. The subject of the message is “Facebook Password Reset Confirmation! Your Support.” and the body of the email contains the following content:

Dear user of facebook,

Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.

Thanks,
Your Facebook.

As with the previous virus outbreak that targeted Facebook users, this email instructs the recipient to open the attached document Facebook_password_357.zip. Once extracted, the archive yields the 56 kB file Facebook_password_357.exe.

The trojan will create the following files on an infected system:

%Temp%\1.tmp
%System%\nnfj.tqo

The following Windows registry key is created:

* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\idid

The following Windows registry value is modified:

* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    o Shell =

View full post on mxlab – all about anti virus and anti spam
