Fake Facebook Email Contains Bredolab Trojan

Beware any emails from The Facebook Team and email address service@facebook.com, as security firm MX Labs reported that a new variant of the Bredolab Trojan horse is attached to a fake “Facebook Password Reset Confirmation” e-mail, and the Facebook information is spoofed, according to CNET.

The email contains an attachment, Facebook_Password_4cf91.zip, which includes the file Facebook_Password_4cf91.exe (according to MX Labs, the element between the underscore and .zip is made up of randomly chosen letters and numbers for each recipient), and when users download the file, Trojan horse Bredolab executes Internet files such as bogus anti-spyware software, CNET reported.

M86 Security added that Bredolab also downloads a bot called Pushdo, which immediately starts “spamming out more of these Facebook password reset e-mails,” according to CNET.

A Facebook spokesman told CNET:

This virus is being distributed through email, not on Facebook. The email is disguised as a Facebook password-reset email with an attachment that purportedly contains the new password, but is actually the virus. We’re educating users on how to detect this through the Facebook Security Page.

Facebook advised users to be suspicious of unexpected emails supposedly originating from the social-networking site and said it would never send a new password as an attachment, CNET reported.

david.cohen@adweek.com David Cohen is editor of Adweek's Social Pro Daily.
Publish date: October 27, 2009 https://dev.adweek.com/digital/fake-facebook-email-contains-bredolab-trojan/ © 2020 Adweek, LLC. - All Rights Reserved and NOT FOR REPRINT