
New Bredolab Campaign Generates Fake Facebook Password Change Emails

Discussion in 'Security Updates' started by starbuck, Jan 21, 2011.

  1. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Security researchers from Avira warn that fake Facebook password change emails are trying to trick users into opening a malicious attachment that installs a version of the Bredolab trojan.

    The rogue emails carry a subject of "Facebook password has been changed. ID####," where # stands for a random digit, and purport to come from a @facebook.com address.

    The contained message reads: "Dear user of FaceBook! Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document."

    The attached file is called Facebook_Document_Id####.zip and contains an executable file with a Microsoft Word document icon. The .exe installs the trojan, but also downloads a legit .doc file from the Internet and opens it.

    This is probably done in order to avoid raising suspicion; however, given that the text in the document is in Russian and the email is in English, it manages to look shady enough.

    Avira researchers warn that once executed, this version of Bredolab proceeds to download and install a fake antivirus program that mimics the appearance of Microsoft Security Essentials.

    Bredolab is a family of trojans primarily used as a malware distribution platform for scareware and other malicious applications.

    Back in October, Dutch authorities delivered a severe blow to the main Bredolab botnet after shutting down 143 of its command and control servers.

    At the same time, Armenian authorities arrested a man suspected to be the Bredolab author at the Yerevan airport, as he was trying to flee the country.

    Despite these developments, other Bredolab-based botnets remain operational, especially in Russia. Researchers believe that at some point, the source code for the malware was either leaked or sold on the underground market.

    Security vendor Trend Micro named Bredolab as the sixth most interesting malware threat in 2010, after Stuxnet, Operation Aurora, ZeuS, SpyEye and Koobface.


    Source:
    http://news.softpedia.com/news/New-Bredolab-Campaign-Generates-Fake-Facebook-Password-Change-Emails-179112.shtml
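The lure described in the post above combines three observable traits: a claimed @facebook.com sender, a subject of the form "Facebook password has been changed. ID####", and a Facebook_Document_Id####.zip attachment whose only member is an executable. The following mail-gateway style check is an added example written for this thread; it is not code from the post, from Avira or from Softpedia. The regexes, the executable-extension list, the two-indicator threshold and the sample message are all assumptions constructed for the example, and the zip member is a placeholder string rather than a real binary.

```python
"""Flag e-mails that match the fake Facebook password-change lure described in the post.

Indicators taken from the post: @facebook.com sender, subject
"Facebook password has been changed. ID####", attachment Facebook_Document_Id####.zip
containing an .exe.  The sample message built below is constructed for this example.
"""
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Assumed patterns: the post shows four '#' digits; '\d+' tolerates other lengths.
SUBJECT_RE = re.compile(r"^Facebook password has been changed\. ID\d+$")
ATTACH_RE = re.compile(r"^Facebook_Document_Id\d+\.zip$", re.IGNORECASE)
# Assumed list of extensions treated as executable inside an archive.
EXEC_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd")


def zip_executables(data: bytes) -> list[str]:
    """Return the names of executable members inside an in-memory zip (empty if not a zip)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(EXEC_EXTS)]
    except zipfile.BadZipFile:
        return []


def score_message(raw: bytes) -> dict:
    """Parse a raw RFC 5322 message and collect the campaign indicators it matches."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    sender = msg.get("From", "")
    subject = msg.get("Subject", "")
    if "@facebook.com" in sender.lower():
        findings.append("claims to come from @facebook.com")
    if SUBJECT_RE.match(subject):
        findings.append("subject matches campaign pattern")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        if ATTACH_RE.match(name):
            findings.append(f"attachment name matches campaign pattern: {name}")
        exes = zip_executables(payload)
        if exes:
            findings.append("zip attachment contains executable(s): " + ", ".join(exes))
    # Assumed threshold: two or more independent indicators mark the mail as suspicious.
    return {"suspicious": len(findings) >= 2, "findings": findings}


def build_sample() -> bytes:
    """Constructed lookalike message for demonstration (not a captured sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Facebook_Document_Id4821.exe", b"MZ placeholder - not a real binary")
    msg = EmailMessage()
    msg["From"] = "security@facebook.com"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Facebook password has been changed. ID4821"
    msg.set_content("Dear user of FaceBook! Your password has been changed. "
                    "You can find your new password in attached document.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Facebook_Document_Id4821.zip")
    return bytes(msg)


if __name__ == "__main__":
    result = score_message(build_sample())
    print("suspicious:", result["suspicious"])
    for f in result["findings"]:
        print(" -", f)
```

Each indicator is scored independently so that a variant with a different subject or sender still trips the archive check, which is the one that matters most: a zip whose members are executables has no business arriving as a "password document", whatever the header says.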