Facebook Password-Reset Spam is Botnet Attack

Virus hunters are raising the alarm for a large-scale spam attack
that uses fake Facebook password-reset messages to trick PC users into
downloading a dangerous piece of malware. 
The malicious executable is linked to the Bredolab botnet, which has
been linked to massive spam runs and identity-theft related attacks.

Virus hunters are raising the alarm for a large-scale spam attack
that uses fake Facebook password-reset messages to trick PC users into
downloading a dangerous piece of malware. 
The malicious executable is linked to the Bredolab botnet, which has
been linked to massive spam runs and identity-theft related attacks.

 Here’s a sample of the Facebook password-reset messages hitting e-mail inboxes this morning:

 

 

 

 

 

 

 

 

 

 

 

 

According to Websense,
the address of the sender is spoofed to display “support@facebook.com,”
a trick commonly used to trick targets into believing it’s a legitimate
e-mail from the popular social network.

The messages contain a .zip file
attachment with an .exe file that connects to two servers to download
additional malicious files and joins the Bredolab botnet which means
the attackers have full control of the PC, such as steal customer
information, send spam emails. One of the servers is in the Netherlands
and the other one in Kazakhstan.

Suggested articles

Discussion

  • Karen.humphreys on

    Cant log in 2 my facebook with my pass word and phone number and ive tryed everthing.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.