Facebook users hit by ‘password reset’ malware

28 Oct 2009

Users of the popular social-networking site are being bombarded with password reset emails that appear to come from an address displaying itself as The Facebook Team and that contain a Trojan virus known as Bredolab.

According to managed email security firm MXLab, the email may appear to come from “service@facebook.com”, but the SMTP sender address is spoofed. The attachment, a file named ‘Facebook_Password_4cf91.zip’, contains the Trojan virus, although it claims to be a file containing a new password sent to the individual user by Facebook.

MXLab says that, if downloaded, the file could allow for the execution of internet programs such as malware or rogue anti-virus software.

Unlike the Facebook phishing attack back in May 2009, where bad links were distributed through hacked user accounts, this virus is not being circulated within Facebook but through email only.

Security firm M86 Security Labs said on its blog: “Inside the attached zip file is an executable file that, if run, will install Bredolab, a malicious downloader.

“One of the first things we saw this Trojan horse download was the Pushdo bot, which began spamming out more of these Facebook password reset emails.”

By Marie Boran
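
A mail gateway can check for both traits of the lure described above: a facebook.com sender that did not authenticate, and an executable inside a zip attachment. The following Python check is an added example, not part of the original article or of either vendor's tooling; the function names, the sample message, the archive member name and the `Authentication-Results` values are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")
BRAND_DOMAINS = {"facebook.com"}  # assumption: domains whose mail must authenticate


def inspect_message(raw):
    """Return a list of findings for one raw RFC 5322 message (bytes)."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    # The header From is freely forgeable, so trust it only when the receiving
    # MTA recorded an SPF or DKIM pass. Assumption: that MTA strips any
    # Authentication-Results header supplied by the sender.
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    auth = " ".join(str(v) for v in msg.get_all("Authentication-Results", [])).lower()
    if domain in BRAND_DOMAINS and "spf=pass" not in auth and "dkim=pass" not in auth:
        findings.append(f"unauthenticated sender claiming {domain}")
    # List zip attachments without extracting them and flag executable members.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            findings.append(f"unreadable archive {name}")
            continue
        findings += [f"executable {m} inside {name}" for m in members
                     if m.lower().endswith(EXECUTABLE_EXTS)]
    return findings


def build_sample(auth="mx.example.org; spf=fail smtp.mailfrom=facebook.com",
                 member="Facebook_Password_4cf91.exe"):
    """Constructed message shaped like the lure in the article; payload is inert."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"inert placeholder, not malware")
    msg = EmailMessage()
    msg["From"] = "The Facebook Team <service@facebook.com>"
    msg["To"] = "user@example.org"
    msg["Authentication-Results"] = auth
    msg.set_content("Constructed body text.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Facebook_Password_4cf91.zip")
    return msg.as_bytes()
```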