A new variant of the Bredolab Trojan horse is attached to a fake "Facebook Password Reset Confirmation" e-mail, security firm MX Labs is reporting.
Some users are receiving the e-mail from "The Facebook Team," according to the security firm. The sender's e-mail address displays "service@facebook.com." In reality, the address and sender were spoofed.
MX Labs found that the e-mail was accompanied by an attachment named, "Facebook_Password_4cf91.zip and includes the file Facebook_Password_4cf91.exe" that, the e-mail claims, contains the user's new Facebook password. The security firm said that the element between the underscore and .zip are randomly chosen letters and numbers for each recipient.
When a user downloads the file, it could wreak havoc on their computer. MX Labs said in a blog post that the Trojan horse Bredolab "executes files from the Internet, such as rogue anti-spyware. To bypass firewalls, it injects its own code into legitimate processes svchost.exe and explorer.exe. Bredolab contains anti-sandbox code (the trojan might quit itself when an external program investigates its actions)." In other words, it's nasty.
Once it makes its way to the user's PC, Bredolab creates "%AppData%\wiaservg.log" and "%Programs%\Startup\isqsys32.exe" in the user's system files. MX Labs said that it also creates two new processes, called "isqsys32.exe" and "svchost.exe."
Another security watchdog, M86 Security,
wrote that there's more to the outbreak than Bredolab. After it sneaks its way onto the user's computer, M86 said, Bredolab downloads a bot called Pushdo. The company found that Pushdo immediately starts "spamming out more of these Facebook password reset e-mails."
For its part, Facebook was quick to point out that the e-mail containing the virus wasn't coming from the social network.
"This virus is being distributed through email, not on Facebook," a Facebook spokesperson wrote. "The email is disguised as a Facebook password reset e-mail with an attachment that purportedly contains the new password, but is actually the virus. We're educating users on how to detect this through the
Facebook Security Page."
Facebook said that users should be "suspicious of unexpected emails claiming to be from Facebook." The company also said that it will
never send users a new password as an attachment.
Those users that have downloaded the file should use anti-malware software to remove it. Click here for a list of
security software available from CNET's Download database.
3 Response to "Facebook Virus"
Thanks for information.
I am using McAfee internet security as my virus removal software and it's quite good.
Thank u so much for such information.I take online virus scan support,it helps me so much in such issues.
I’m impressed, I need to say. Actually hardly ever do I encounter a blog that’s each educative and entertaining, and let me tell you, you may have hit the nail on the head. Your thought is excellent; the issue is one thing that not sufficient people are talking intelligently about. I’m very pleased that I stumbled across this in my seek for one thing relating to this.
__________________
Astrology
Vastu Shastra
marriage astrology
Leave A Reply