Facebook users have been targeted by a large-scale spam attack that informs them that their password has been reset, and that the attached zip archive contains their new password. Instead of a new password, users will find a trojan downloader, dubbed "Bredlab" or "Bredolab" by anti-virus companies.
The downloader then downloads additional malware from two servers, including fake anti-virus software, and joins the Bredolab botnet. This gives attackers full control of the PC, allowing them to steal user information or use the PC to send spam emails. One of the servers is based in the Netherlands, with the other in Kazakhstan, according to an alert on Websense, a security research company.
Security companies, including Symantec, Trend Micro, MX Lab and Websense, have issued warnings about the attack. Shunichi Imano, a securt researcher at Symantec told users on the firm's security blog: "This variant of Bredolab connects to a Russian domain and the infected machine is most likely becoming part of a Bredolab botnet."
Jamie Tomasello, abuse operations manager for Cloudmark, a messaging security company, said that her company has detected around 735,000 of the phony Facebook messages since Monday, and it continues to rise. "It's a pretty high volume," she said.
Image source: Websense