Trojan attack targets Facebook users

Powered by SC Magazine
 

Malware scam claims to offer password reset confirmation.

Security experts have warned Facebook users to be on the alert after the discovery of a new password malware scam linked to the Bredolab Trojan.

Email security firm Websense claimed yesterday to have seen 90,000 instances of the attack, calling it a "new wave of malicious spoof email attacks".

The messages purport to come from Facebook and are designed to appear as a simple password reset confirmation. However, a .exe file in the mail contains a hidden virus with a nasty payload.

Websense said in a security alert that the .exe file connects to two servers in order to download additional malicious files. The victim's PC then joins the Bredolab botnet, giving hackers full control.

"This spam email attack is designed to play on the subject at the forefront of users' minds: their password security," said Carl Leonard, Websense security labs manager.

"Falling for this scam could lead to the unsuspecting user becoming part of a botnet. With the recent hack of web email accounts, users would feel more compelled to open an attachment that purports to hold their new password, as they'd be worried who changed it in the first place.

"Our advice for users is to always go directly to the web address you have an account with and reset passwords there."

Graham Cluley, senior technology consultant at Sophos, confirmed that the malicious emails have been spammed out widely across the internet.

"The 'from' address has been forged, and the attached file is in fact a piece of malware. Sophos detects the malware as Troj/BredoZp-M or Mal/Bredo-A," he wrote in a blog post.

"Don't make life easy for the hackers hell-bent on infecting your computer, stealing your identity and emptying your bank account. Exercise caution when you receive unsolicited emails, and protect your computer with up-to-date security software.

Copyright ©v3.co.uk


Trojan attack targets Facebook users
 
 
 
Top Stories
Qld Transport to replace core registration system
State's biggest citizen info repository set for overhaul.
 
Innovating in the sleepy super industry
There’s little incentive to be on the bleeding edge, so why is Andrew Todd fighting so hard?
 
How technology will unify Toll
The systems headache formed through 15 years of acquisitions.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  7%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  21%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  5%
TOTAL VOTES: 897

Vote