Thursday, October 29, 2009

Warning to All Facebook Users - Fake Facebook e-mail contains Trojan

Let’s admit it, Facebook is part of our life. I myself am infected with this “Facebook addiction” thingy. We can do anything there: play games -- which makes me sleep for only 4 hours a day -- and post whatever we’d like to tell the whole wide web. And it's good; we can let everybody know what we’re into with just one click, and we can meet more people and find long-lost colleagues.

But here is some alarming news from MX Labs. Here is the CNET news:
A new variant of the Bredolab Trojan horse is attached to a fake "Facebook Password Reset Confirmation" e-mail. If you received an e-mail from "The Facebook Team" that displays mail address well, the address and sender were spoofed. That e-mail is accompanied by an attachment named, " and includes the file Facebook_Password_4cf91.exe". It contains the user's new Facebook password. The security firm said that the element between the underscore and .zip is randomly chosen letters and numbers for each recipient.

Here is the alarming part…
When a user downloads the file, it could wreak havoc on their computer. The Trojan horse Bredolab executes files from the Internet, such as rogue anti-spyware. To bypass firewalls, it injects its own code into legitimate processes svchost.exe and explorer.exe. Bredolab contains anti-sandbox code (the Trojan might quit itself when an external program investigates its actions). Once it makes its way to the user's PC, Bredolab creates "%AppData%\wiaservg.log" and "%Programs%\Startup\isqsys32.exe" in the user's system files. It also creates two new processes, called "isqsys32.exe" and "svchost.exe."

After it sneaks its way onto the user's computer, Bredolab downloads a bot called Pushdo. The company found that Pushdo immediately starts "spamming out more of these Facebook password reset e-mails."

For its part, Facebook was quick to point out that the e-mail containing the virus wasn't coming from the social network.

"This virus is being distributed through email, not on Facebook," a Facebook spokesperson wrote. "The email is disguised as a Facebook password reset e-mail with an attachment that purportedly contains the new password, but is actually the virus. We're educating users on how to detect this through the Facebook Security Page."
Facebook said that users should be "suspicious of unexpected emails claiming to be from Facebook." The company also said that it will never send users a new password as an attachment.

I haven't received this kind of e-mail, but I am now very cautious. This is an outbreak already. Oh, and if you happen to have downloaded the file, you should use anti-malware software to remove it.

Here is a list of security software available from CNET's.
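
A mail-filter check for the lure described in this post, as an added example that is not part of the original post or of the CNET report: it flags attachments named like the reported file and any executable packed inside a zip attachment. The `Facebook_Password_<random>.zip` pattern, the extension list, the function names and the sample message are assumptions constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Assumed lure pattern: Facebook_Password_<random letters/digits>.zip or .exe
LURE_NAME = re.compile(r"^Facebook_Password_[A-Za-z0-9]+\.(zip|exe)$", re.I)
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".com")  # assumption: types to block

def inspect_message(raw: bytes) -> list[str]:
    """Return the reasons to quarantine a message (empty list means pass)."""
    findings = []
    for part in message_from_bytes(raw).walk():
        name = part.get_filename()
        if not name:
            continue  # body text and multipart containers carry no filename
        if LURE_NAME.match(name):
            findings.append(f"lure-name:{name}")
        if name.lower().endswith(EXECUTABLE_EXT):
            findings.append(f"executable-attachment:{name}")
        payload = part.get_payload(decode=True) or b""
        if payload[:2] == b"PK":  # trust the zip magic, not the extension
            try:
                with zipfile.ZipFile(io.BytesIO(payload)) as archive:
                    members = archive.namelist()
            except zipfile.BadZipFile:
                members = []
                findings.append(f"unreadable-archive:{name}")
            findings.extend(f"executable-in-archive:{m}" for m in members
                            if m.lower().endswith(EXECUTABLE_EXT))
    return findings

def build_sample(attachment_name: str, member_name: str) -> bytes:
    """Constructed message: a zip attachment holding harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(member_name, b"placeholder bytes, not a real program")
    msg = EmailMessage()
    msg["From"] = "The Facebook Team <sender@example.invalid>"
    msg["Subject"] = "Facebook Password Reset Confirmation"
    msg.set_content("Your new password is in the attached document.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename=attachment_name)
    return msg.as_bytes()

if __name__ == "__main__":
    sample = build_sample("Facebook_Password_ab12c.zip", "Facebook_Password_ab12c.exe")
    print(inspect_message(sample))
```

Because the check reads the archive's member list, a renamed attachment that still carries an executable is flagged even when the lure name changes.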


  1. Thank god. I didn't get addicted to that. I just avoided it since I got a lot of invitations.

  2. thanks for letting me know...

  3. I'm a FB addict.. Thanks 4 ur valuable info..:)