Sponsored by..

Tuesday 27 October 2009

"Facebook Password Reset Confirmation" trojan

This trojan claims to be something to do with a Facebook password reset, but it's a plain old EXE-in-ZIP trojan attack.


Subject: Facebook Password Reset Confirmation.
From: "The Facebook Team" <service@facebook.com>


Hey fortunes ,


Because of the measures taken to provide safety to our clients, your password has
been changed.

You can find your new password in attached document.


Thanks,
The Facebook Team

Attachments:
Facebook_Password_6c6eb.zip

The Trojan is widely detected as a version of Bredolab. ThreatExpert report is here.

Remember, if you can block EXE-in-ZIP files at your mail gateway, it is well worth doing.

No comments: