rss
Twitter Delicious Facebook Digg Stumbleupon More
twitter

Facebook Virus

Posted on 12:23 PM by Aayush

A new variant of the Bredolab Trojan horse is attached to a fake "Facebook Password Reset Confirmation" e-mail, security firm MX Labs is reporting.
Some users are receiving the e-mail from "The Facebook Team," according to the security firm. The sender's e-mail address displays "service@facebook.com." In reality, the address and sender were spoofed.


MX Labs found that the e-mail was accompanied by an attachment named, "Facebook_Password_4cf91.zip and includes the file Facebook_Password_4cf91.exe" that, the e-mail claims, contains the user's new Facebook password. The security firm said that the element between the underscore and .zip are randomly chosen letters and numbers for each recipient.
When a user downloads the file, it could wreak havoc on their computer. MX Labs said in a blog post that the Trojan horse Bredolab "executes files from the Internet, such as rogue anti-spyware. To bypass firewalls, it injects its own code into legitimate processes svchost.exe and explorer.exe. Bredolab contains anti-sandbox code (the trojan might quit itself when an external program investigates its actions)." In other words, it's nasty.
Once it makes its way to the user's PC, Bredolab creates "%AppData%\wiaservg.log" and "%Programs%\Startup\isqsys32.exe" in the user's system files. MX Labs said that it also creates two new processes, called "isqsys32.exe" and "svchost.exe."
Another security watchdog, M86 Security, wrote that there's more to the outbreak than Bredolab. After it sneaks its way onto the user's computer, M86 said, Bredolab downloads a bot called Pushdo. The company found that Pushdo immediately starts "spamming out more of these Facebook password reset e-mails."
For its part, Facebook was quick to point out that the e-mail containing the virus wasn't coming from the social network.
"This virus is being distributed through email, not on Facebook," a Facebook spokesperson wrote. "The email is disguised as a Facebook password reset e-mail with an attachment that purportedly contains the new password, but is actually the virus. We're educating users on how to detect this through the Facebook Security Page."
Facebook said that users should be "suspicious of unexpected emails claiming to be from Facebook." The company also said that it will never send users a new password as an attachment.
Those users that have downloaded the file should use anti-malware software to remove it. Click here for a list of security software available from CNET's Download database.

3 Response to "Facebook Virus"

.
gravatar
Thomas Says....

Thanks for information.
I am using McAfee internet security as my virus removal software and it's quite good.

.
gravatar
Unknown Says....

Thank u so much for such information.I take online virus scan support,it helps me so much in such issues.

.
gravatar
Vedic Astrology Signs Says....

I’m impressed, I need to say. Actually hardly ever do I encounter a blog that’s each educative and entertaining, and let me tell you, you may have hit the nail on the head. Your thought is excellent; the issue is one thing that not sufficient people are talking intelligently about. I’m very pleased that I stumbled across this in my seek for one thing relating to this.

__________________
Astrology
Vastu Shastra
marriage astrology

Leave A Reply

answers

Call me

counter

website hit counter
website hit counters
Visitors since November, 2009