
  • ExTS Admin
Posted

Security researchers from Avira warn that fake Facebook password change emails are trying to trick users into opening a malicious attachment that installs a version of the Bredolab trojan.

 

The rogue emails carry a subject of "Facebook password has been changed. ID####," where # stands for a random digit, and purport to come from a @facebook.com address.

 

The contained message reads: "Dear user of FaceBook! Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document."

 

The attached file is called Facebook_Document_Id####.zip and contains an executable file with a Microsoft Word document icon. The .exe installs the trojan, but also downloads a legit .doc file from the Internet and opens it.

 

This is probably done in order to avoid raising suspicion; however, given that the text in the document is in Russian and the email is in English, it manages to look shady enough.

 

Avira researchers warn that once executed, this version of Bredolab proceeds to download and install a fake antivirus program that mimics the appearance of Microsoft Security Essentials.

 

Bredolab is a family of trojans primarily used as a malware distribution platform for scareware and other malicious applications.

 

Back in October, Dutch authorities delivered a severe blow to the main Bredolab botnet after shutting down 143 of its command and control servers.

 

At the same time, Armenian authorities arrested a man suspected to be the Bredolab author at the Yerevan airport, as he was trying to flee the country.

 

Despite these developments, other Bredolab-based botnets remain operational, especially in Russia. Researchers believe that at some point, the source code for the malware was either leaked or sold on the underground market.

 

Security vendor Trend Micro named Bredolab as the sixth most interesting malware threat in 2010, after Stuxnet, Operation Aurora, ZeuS, SpyEye and Koobface.

 

 

Source:

New Bredolab Campaign Generates Fake Facebook Password Change Emails - Softpedia

Member of:

UNITE
