Fresh E-Mail Scam Striking Users of Facebook; MX Lab
Security investigators at MX Lab, an e-mail security specialist based in Belgium, have cautioned that malicious e-mails posing as messages from Facebook are presently circulating online.
The fraudulent e-mails display the header "Facebook Support-Your password has been changed! ID09687," in which the ID number varies, and appear to be sent from email@example.com or firstname.lastname@example.org.
The message text tells the Facebook user that the password on his account is not secure, so a new password is being provided in an attached document, which also contains detailed information about new security measures. The e-mail ends by thanking the user for reading the message and signs off in Facebook's name.
The attachment is named "New_Password_IN####.zip", where each # is a digit that varies, and contains a file named New_Password.exe.
That .exe file, however, is a Bredolab installer, a downloader Trojan normally used to distribute other malicious programs, especially scareware, through pay-per-install campaigns.
Disturbingly, according to the MX Lab investigators, only 6 of the 42 anti-virus engines at Virus Total were able to detect the Bredolab malware. Blog.mxlab.eu reported this on April 11, 2011.
A few other security companies have assigned the Trojan their own names: BitDefender calls it Gen:Heur.VIZ.2, Sophos names it Mal/FakeAV-JX, and ClamAV calls it Trojan.Generic.Bredolab-2.
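With so few engines detecting the payload, a mail filter can key on the structure of the lure instead. The following is an added example, not code from MX Lab or the original article: it assumes the quoted header is the Subject line, treats extensions other than .exe as an assumption, and builds a constructed sample message with harmless placeholder bytes.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Patterns taken from the lure described in the article.
SUBJECT_RE = re.compile(
    r"Facebook Support\s*-\s*Your password has been changed!\s*ID\d+", re.I)
ZIP_NAME_RE = re.compile(r"^New_Password_IN\d+\.zip$", re.I)
# Assumption: the article only mentions .exe; the others are added here.
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".com")


def inspect_message(raw: bytes) -> list[str]:
    """Return the reasons a message matches the described lure (empty if none)."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    if SUBJECT_RE.search(msg["Subject"] or ""):
        reasons.append("subject matches password-change lure")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if ZIP_NAME_RE.match(name):
            reasons.append(f"attachment name matches lure: {name}")
        if not name.lower().endswith(".zip"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            reasons.append(f"unreadable zip attachment: {name}")
            continue
        # List archive members only; nothing is extracted or executed.
        for member in members:
            if member.lower().endswith(EXECUTABLE_EXT):
                reasons.append(f"executable inside zip: {member}")
    return reasons


def build_sample() -> bytes:
    """Constructed sample: same shape as the lure, harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("New_Password.exe", b"placeholder, not an executable")
    msg = EmailMessage()
    msg["From"] = "support@example.com"  # constructed sender
    msg["Subject"] = "Facebook Support-Your password has been changed! ID09687"
    msg.set_content("A new password is in the attached document.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="New_Password_IN1234.zip")
    return msg.as_bytes()
```

Calling `inspect_message(build_sample())` returns three reasons, one for the header and two for the attachment; the executable-in-zip check still fires when the subject or archive name changes.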
Given how malicious these scam e-mails are, the MX Lab investigators recommend that Facebook users watch out for any unsolicited e-mail that talks about a new Facebook password. They also point out that Facebook will never send new passwords via e-mail. Any user who gets such an e-mail should therefore never open the attachment, since it may carry malware that infects his PC.
Earlier, in January 2011, an e-mail carrying malware just like the one in this incident struck the public's inboxes. That e-mail asserted that the recipient's Facebook password had been reset as a safety measure because his account was found to be sending spam, the security investigators outlined.
» SPAMfighter News - 20-04-2011