Jump to content
Login new information ×
Login new information

Fake Facebook e-mail contains Trojan

DKT27

By DKT27
in Security & Privacy News

Recommended Posts

  • Administrator
DKT27

DKT27

Posted
  • Administrator
Posted

Fake Facebook e-mail contains Trojan

A new variant of the Bredolab Trojan horse is attached to a fake "Facebook Password Reset Confirmation" e-mail, security firm MX Labs is reporting.

Some users are receiving the e-mail from "The Facebook Team," according to the security firm. The sender's e-mail address displays "[email protected]." In reality, the address and sender were spoofed.

MX Labs found that the e-mail was accompanied by an attachment named, "Facebook_Password_4cf91.zip and includes the file Facebook_Password_4cf91.exe" that, the e-mail claims, contains the user's new Facebook password. The security firm said that the element between the underscore and .zip are randomly chosen letters and numbers for each recipient.

When a user downloads the file, it could wreak havoc on their computer. MX Labs said in a blog post that the Trojan horse Bredolab "executes files from the Internet, such as rogue anti-spyware. To bypass firewalls, it injects its own code into legitimate processes svchost.exe and explorer.exe. Bredolab contains anti-sandbox code (the trojan might quit itself when an external program investigates its actions)." In other words, it's nasty.

Once it makes its way to the user's PC, Bredolab creates "%AppData%\wiaservg.log" and "%Programs%\Startup\isqsys32.exe" in the user's system files. MX Labs said that it also creates two new processes, called "isqsys32.exe" and "svchost.exe."

Another security watchdog, M86 Security, wrote that there's more to the outbreak than Bredolab. After it sneaks its way onto the user's computer, M86 said, Bredolab downloads a bot called Pushdo. The company found that Pushdo immediately starts "spamming out more of these Facebook password reset e-mails."

For its part, Facebook was quick to point out that the e-mail containing the virus wasn't coming from the social network.

"This virus is being distributed through email, not on Facebook," a Facebook spokesperson wrote. "The email is disguised as a Facebook password reset e-mail with an attachment that purportedly contains the new password, but is actually the virus. We're educating users on how to detect this through the Facebook Security Page."

Facebook said that users should be "suspicious of unexpected emails claiming to be from Facebook." The company also said that it will never send users a new password as an attachment.

Source

Link to comment
Share on other sites
  • Replies 4
  • Views 1.1k
  • Created
  • Last Reply
  • Administrator
DKT27

DKT27

Posted
  • Author
  • Administrator
Posted

For what? :blink:

Don't tell me you use FB?

If you do, the above info is not enough. ;)

Link to comment
Share on other sites
karachidude

karachidude

Posted
Posted

u talk too much :lol:

ohhhh...i forget u dont like the word thanks :P

Link to comment
Share on other sites
  • Administrator
DKT27

DKT27

Posted
  • Author
  • Administrator
Posted

Who doesn't? I do like that word. ;)

Just wanna know other's views on FB and Twitter like sties.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...