MX Lab has intercepted a new Bredolab trojan variant disguised as an email from Facebook, sent from the spoofed email address The Facebook Team <change@facebook.com>. The subject of the message is “Facebook Password Reset Confirmation! Your Support.” and the body of the email contains the following content:
Dear user of facebook,
Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.
Thanks,
Your Facebook.
As with the previous virus outbreak that targeted Facebook users, this email instructs the recipient to open the attached document Facebook_password_357.zip. Once extracted, the archive yields the 56 kB file Facebook_password_357.exe.
The trojan will create the following files on an infected system:
%Temp%\1.tmp
%System%\nnfj.tqo
The following Windows registry key is created:
* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\idid
The following Windows registry key was modified:
* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
o Shell =

Posted on 04 May 2010. Tags: Bredolab, Facebook, Target, users, Variant
[...] – must face a new trojan threat. Bredolab – according to mxlab – is an old acquaintance of Facebook that tricks users by asking them to reset [...]