This is a discussion on FACEBOOK THREAT ALERT: Facebook Password Reset Confirmation! Customer Support. within the Entertainment board part of the General category.
Are you active on Facebook? You must know about this new malware. If you receive a mail like the one stated below, please do not open or download it. Just dump it into the trash. Probably, the one who started this thread must have thought that people were fools.
Be aware of such threats. I'm posting a pic as well. This thread is just to alert Facebook users.
I received this mail today; be sure you delete it too when you get it.
Facebook Password Reset Confirmation! Customer Support.
Dear user of facebook,
Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.
Attachement: Facebook_password_47423.zip (65K)
There are many who got affected because of this malware, so I managed to Google something about this threat.
The trojan variant, with botnet capabilities, is known as Bredolab.gen.a, Trojan.Downloader.Bredolab.AZ (BitDefender), or W32/Obfuscated.D2!genr (Norman). Bredolab downloads malicious files from the Web and executes them on an infected computer. Bredolab includes code so that, after it finishes encrypting user data files, it can quit the botnet after reboot or if an external program attempts to analyze its activities. With the Bredolab botnet, attackers can gain complete control of the PC and collect data; for example, steal personal information and send spam emails to the user’s list of email addresses.
The ‘From’ address in the email shows as “The Facebook Team” but, in reality, the SMTP ‘From’ address is bogus. The message includes a .zip file attachment with an .exe file labeled Facebook_Password_4tf52.exe. The section between “_” and “.zip” is chosen randomly and consists of letters and numbers. The malicious “Facebook_Password” .exe file connects to two servers, one server in the Netherlands and the other one in Kazakhstan, in order to download additional malicious files.
Trojan.Downloader.Bredolab.AZ will create the files %AppData%\wiaservg.log and %Programs%\Startup\isqsys32.exe. In order to bypass firewalls, Bredolab adds its own code into the real processes svchost.exe and explorer.exe. Then Bredolab will try to connect to the remote host 220.127.116.11 on port 80.
Last edited by razathru; 02-25-2010 at 03:50 PM.
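A mail-filter check for the attachment pattern described in the post above (a zip named Facebook_password_ plus random letters and numbers, holding an .exe), as an added example that is not part of the original thread. The function names, the extra extensions beyond .exe, and the sample message are assumptions constructed for illustration; the sample zip contains only harmless text.

```python
import io
import re
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Pattern from the post: "Facebook_password_" + random letters/digits + ".zip"
ZIP_NAME = re.compile(r"^facebook_password_[a-z0-9]+\.zip$", re.IGNORECASE)
# Assumption: the post only mentions .exe; the other extensions are added here.
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".com")


def suspicious_attachments(raw_message: bytes) -> list[dict]:
    """Return one finding per zip attachment that matches the lure name or holds an executable."""
    findings = []
    for part in message_from_bytes(raw_message).walk():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        payload = part.get_payload(decode=True) or b""
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            members = []  # corrupt archive: judge by attachment name only
        exes = [m for m in members if m.lower().endswith(EXECUTABLE_EXT)]
        name_hit = bool(ZIP_NAME.match(name))
        if name_hit or exes:
            findings.append({"attachment": name, "lure_name": name_hit, "executables": exes})
    return findings


def build_sample(zip_name: str, member: str) -> bytes:
    """Constructed test mail: the zip holds harmless text under the given member name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, "harmless placeholder, not malware")
    msg = EmailMessage()
    msg["From"] = "The Facebook Team <sender@example.invalid>"  # constructed address
    msg["Subject"] = "Facebook Password Reset Confirmation! Customer Support."
    msg.set_content("You can find your new password in attached document.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename=zip_name)
    return msg.as_bytes()


if __name__ == "__main__":
    sample = build_sample("Facebook_password_47423.zip", "Facebook_Password_4tf52.exe")
    for hit in suspicious_attachments(sample):
        print(hit)
```

The check never extracts or runs the archive members; it only reads the attachment name and the zip's file listing.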
Nice share, I hope the members will read this so they'll be more alert.
It is a scam, I think.
Thanks, you saved me.