Massive bot attack spoofs Facebook password messages
'Bredolab' Trojan rides fake reset messages, reaches at least 735,000 users
By Gregg Keizer
October 28, 2009 03:56 PM ET
Computerworld - A massive bot-based attack has been hitting Facebook users, with nearly three-quarters of a million users receiving fake password reset messages, according to security researchers.
The attack, which began Monday afternoon, according to e-mail security vendor Cloudmark, targets Facebook users with a spoofed message that claims recipients' Facebook passwords have been reset as a security measure. The messages, which come bearing subject lines such as "Facebook Password Reset Confirmation," include a file attachment that supposedly contains the new password.
In fact, the attached .zip file includes a Trojan downloader, dubbed "Bredlab" by some antivirus companies, "Bredolab" by others. The downloader grabs a variety of malware from hacker servers, including fake security software
, or "scareware," and installs attack code and rogue antivirus applications on the compromised PCs.
Multiple security companies, including Symantec, Trend Micro, MX Lab and Websense, have put out warnings about the attack campaign. "This variant of Bredolab connects to a Russian domain and the infected machine is most likely becoming part of a Bredolab botnet," said Shunichi Imano, a security researcher at Symantec, in a post to the firm's security blog