Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.



Windows 7: Massive bot attack spoofs Facebook password messages

28 Oct 2009   #1

Windows 7 Ultimate x64, XP Mode, W8.1 Preview VM - 7 Pro x64 second remote tower
 
 
Massive bot attack spoofs Facebook password messages

Quote:
Massive bot attack spoofs Facebook password messages

'Bredolab' Trojan rides fake reset messages, reaches at least 735,000 users

By Gregg Keizer
October 28, 2009 03:56 PM ET

Computerworld - A massive bot-based attack has been hitting Facebook users, with nearly three-quarters of a million users receiving fake password reset messages, according to security researchers.

The attack, which began Monday afternoon, according to e-mail security vendor Cloudmark, targets Facebook users with a spoofed message that claims recipients' Facebook passwords have been reset as a security measure. The messages, which come bearing subject lines such as "Facebook Password Reset Confirmation," include a file attachment that supposedly contains the new password.

In fact, the attached .zip file includes a Trojan downloader, dubbed "Bredlab" by some antivirus companies, "Bredolab" by others. The downloader grabs a variety of malware from hacker servers, including fake security software, or "scareware," and installs attack code and rogue antivirus applications on the compromised PCs.

Multiple security companies, including Symantec, Trend Micro, MX Lab and Websense, have put out warnings about the attack campaign. "This variant of Bredolab connects to a Russian domain and the infected machine is most likely becoming part of a Bredolab botnet," said Shunichi Imano, a security researcher at Symantec, in a post to the firm's security blog.
More at: Massive bot attack spoofs Facebook password messages

My System SpecsSystem Spec
.

28 Oct 2009   #2

Windows 7 Ultimate x64, XP Mode, W8.1 Preview VM - 7 Pro x64 second remote tower
 
 
Twitter warns of new phishing attack

Quote:
Twitter warns of new phishing attack

By Robert McMillan
October 28, 2009 05:03 PM ET

IDG News Service - Twitter warned users Tuesday of a new phishing scam on the social networking site.

It's the latest in a series of scams that have plagued the site over the past year, designed to trick victims into giving up their user names and passwords.

"We've seen a few phishing attempts today, if you've received a strange DM and it takes you to a Twitter login page, don't do it!," Twitter wrote on its Spam message page.

The message reads, "hi. this you on here?" and includes a link to a fake Web site designed to look like a Twitter log-in page. After entering a user name and password, victims enter an empty blogspot page belonging to someone named NetMeg99.

Neither of these pages appears to include any type of attack code, but both should be considered untrustworthy, according to Sophos Technology Consultant Graham Cluley. "It seems like this was a straightforward phishing campaign, rather than an attempt -- at this stage at least -- to spread virally," he said via email.
More at: Twitter warns of new phishing attack
My System SpecsSystem Spec
29 Oct 2009   #3

Windows 7 x64 (SP1)
 
 

Only common sense can protect us...OH CRAP! Someone stole my common sense! Nooo!
My System SpecsSystem Spec
.


29 Oct 2009   #4

Windows 7 Home Premium x64 - Mac OS X 10.6.4 x64
 
 

Quote   Quote: Originally Posted by logicearth View Post
Only common sense can protect us...OH CRAP! Someone stole my common sense! Nooo!
+1

I am reading the future...I will get calls from my clients tomorrow after they realized they gave their precious password away to failbook

No offence to anyone who likes them but...the internet would be much better off without facebook, twitter, or myspace

Just my opinion
My System SpecsSystem Spec
29 Oct 2009   #5

Windows 7 Ultimate x64, XP Mode, W8.1 Preview VM - 7 Pro x64 second remote tower
 
 

Opinions noted! The more loose gimics like Twitter and twidly dummer that appear the more vulnerable people will make themselves when passing along any important data.

The main problem with all those from the start is not seeing things like antiphising filters, antivirus, and other protections you would commonly see inplace on the average pc. There's no options for multi layer protection on those to begin with.
My System SpecsSystem Spec
29 Oct 2009   #6

Windows 7 Ultimate x64
 
 

All these emails could have been prevented if people setup decent mail servers.

Facebook sign their emails with a DKIM signature which has a public key published in DNS. Mail servers can be configured to check for these signatures and their validity to ensure the email arrived from the domain it claims to have come from.

I have this very configuration and no longer receive any spoofed messages from the likes of gmail/googlemail, ebay, facebook, paypal etc etc

Much better than SPF records which is in essence a broken system!

Someone needs to come up with Email 2.0, it's unbelievable we're still using a 40 year old technology to communicate. Maybe Google's Wave app is the answer...
My System SpecsSystem Spec
Reply

 Massive bot attack spoofs Facebook password messages





Thread Tools




Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 12:31 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33