Facebook users targeted by botnet spam

Facebook users have been targeted by a large-scale spam attack that informs them that their password has been reset, and that the attached zip archive contains their new password. Instead of a new password, users will find a trojan downloader, dubbed "Bredlab" or "Bredolab" by anti-virus companies.

The downloader then downloads additional malware from two servers, including fake anti-virus software, and joins the Bredolab botnet. This gives attackers full control of the PC, allowing them to steal user information or use the PC to send spam emails. One of the servers is based in the Netherlands, with the other in Kazakhstan, according to an alert on Websense, a security research company.

Security companies, including Symantec, Trend Micro, MX Lab and Websense, have issued warnings about the attack. Shunichi Imano, a security researcher at Symantec, told users on the firm's security blog: "This variant of Bredolab connects to a Russian domain and the infected machine is most likely becoming part of a Bredolab botnet."

Jamie Tomasello, abuse operations manager for Cloudmark, a messaging security company, said that her company has detected around 735,000 of the phony Facebook messages since Monday, and that the number continues to rise. "It's a pretty high volume," she said.


Image source: Websense


22 Comments


Big Brother Has a Name, and that Name is CLOUDMARK: This 1984-ish content-based "spam signature" filter gives Network Solutions and other web hosts and ISPs complete control over what emails YOU are allowed to send or receive. They can define whatever they choose to be a "spam signature", including the name of a cause they don't support, or the business telephone numbers of people who do. Here is how I know: tinyurl[dot]com/Cloudmark

This kind of thing is for stupid users only.

Who cares if they get infected? THEY are doing it to themselves. Let them pay Geek Squad $200 to clean their systems over and over.
Maybe they will learn after a while.

Yeah I don't want the stupids to be infected either. They all contribute to the massive bot-nets out there waiting to do damage. Sorry, we have to protect the stupids.

I got this 2 days ago, two of them, but it was for MySpace not Facebook. I've got neither so it's quite a fail for me.

I must say I have gotten these phishing attempts but they always are in my spam folder. AOL Mail's spam folder has been doing pretty well so far.

I also. The biggest give-away was that they have yet to be sent to the email address I used for the signup, so this isn't as a result of hacking access details but just another carpet bombing.

iamwhoiam said,
Anyone who uses Windows Live Mail Essentials would also be using OE as it's just a reskinned version.

I think a little more work than a reskin was done to make Windows Live Mail.

iamwhoiam said,
Anyone who uses Windows Live Mail Essentials would also be using OE as it's just a reskinned version.

By that standard, any programs that do similar stuff are just reskins of each other.

Oh does it matter!!!??? It does the same thing as "pretty" Live Mail. This is like "who still uses music CDs when you can buy then download them off the net?" Just because there is something new doesn't mean you must upgrade.

That's the problem with society today. Everyone thinks they should upgrade when they DON'T REALLY NEED TO.

We think it's random to show Outlook Express running on Windows XP. We are using Windows 7 now and it doesn't even come with Windows Mail, let alone Outlook Express. It's so random seeing Outlook Express being used in 2009 going on 2010. It shows how everybody is not protected by the latest version of Windows.

It doesn't even have cleartype on!

ozgeek: Are you 50+ years old? Maybe you should stop coming here to a tech news website when you want to listen to old news from 8 years ago.