MX Lab detected a new variant of the Oficla trojan that targets Facebook users and provides instructions on how to use the new password for their online Facebook account.
The emails is send from the spoofed email address The Facebook Team <profile@facebook.com> with subjects like for example:
Facebook Password Reset Confirmation! Customer Message.
Facebook Password Reset Confirmation! Customer Support.
Facebook Password Reset Confirmation! Important Message.
Facebook Password Reset Confirmation! Support Message.
Facebook Password Reset Confirmation! Your support.
The content of the email:
Dear user of facebook,
Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.
Thanks,
Your Facebook.
The email contains the attachment Facebook_document_Nr1637.zip – where the last 4 digits ay vary – that contains the executable 48 kB large Facebook_document_Nr1637.exe once extracted.
The trojan is known as Trojan:Win32/Oficla.M (Microsoft), Trojan-Downloader:W32/Oficla.Y (F-Secure) or TR/Crypt.ZPACK.Gen (Antivir).
The trojan will attempt to download a rogue security program identified as TrojanDownloader:Win32/FakeScanti. The Win32/FakeScanti family of trojans will present themselfs as being genuine anti virus programs but instead are malware and display fake warning of possible virus infections on your system. As a user you will be offered to register and pay for the so-called anti virus software.
The following files are being created:
%Temp%\1.tmp
%System%\ngts.vao
The registry key “HKEY_LOCAL_MACHINE\SOFTWARE\Classes\idid” is created.
The registry key “[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]” will be modified.
The trojan can establish a remote connection with the IP 195.78.108.201 on port 80 and retrieve data from hxxp://designfolkov.ru/hules/bb.php?v=200&id=256235564&b=26aprela&tm=2.
View full post on mxlab – all about anti virus and anti spam
Related Posts
- Koobface worm targets Mac users on Facebook, Twitter
A new variant of the Koobface worm that targets Mac OS X and Linux as well as Windows is spreading through Facebook, MySpace and Twitter, security researchers warned today.
View full post on Networ... - New Oficla trojan in emails with subject “Your facebook password has been changed”
MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Your facebook password has been changed″
The email is send from the spoofed address “You... - New Bredolab variant target Facebook users
MX Lab intercepts a new Bredolab trojan variant masked as an email from Facebook sent from the spoofed email address The Facebook Team <change@facebook.com>. The subject of the message is “... - “Download photoalbum” another variant of “i got u surprise”
Previously we have written about the "i got u surprise" spam trojan on Facebook. And today, we still discovered another variant. This time, the message that is received by the victim is only "u?" and ... - Facebook Users Get Invited to a Spam Event
For sometime now we’ve been reporting threats targeting Facebook users, most of which result in users unknowingly spreading spammy links to their networks. We’ve seen different social engi... - ZeuS Targets Mobile Users
As early as 2006, Trend Micro already recognized the fact that the BlackBerry technology could be exploited by cybercriminals. The smartphone may have remained spared from malware attacks over the yea... - Trojan Spreading through Facebook chat.
Facebook photos have become a new target for cyberthieves looking to direct users to malicious sites. Recently spam chat and email message were sent from compromised Facebook user account to their... - Facebook Stalker Tracker Tool Turns Users into Spammers
Privacy has been one of the major concerns of Facebook users roday, especially as the social network continues to increasingly grow to become a massive directory of personal information. Users are bec... - Russian mobile users targeted by SMS Valentine Trojan
A Valentine's Day mobile application, which promises to send an romantic MMS message to a loved one, actually hides a money-making scheme that sends expensive messages to a Russian premium rate SMS nu... - Facebook flaw allowed websites to steal users’ personal data without consent
A couple of weeks ago two students conducting security research contacted me about a vulnerability which they believed they had found with Facebook.
Rui Wang and Zhou Li said that they had found a vu...
Posted on 04 May 2010. Tags: Facebook, Oficla, Targets, Trojan, users, Variant
Thank you my friend got this on her computer I will use to get rid of it
Thanks a lot!
Thanks–those morons are annoying.