Friday, March 19, 2010
A deceptive password change message sent on behalf of Facebook® is used in a Trojan-spreading scheme
Yesterday evening, a malware distribution campaign using Facebook® as bait made some pretty nasty waves. Apparently legitimate e-mails notified Facebook® users that the passwords to their accounts have been changed due to security reasons. The recipients of this fake notification were supposed to open an attached .zip file in order to find out their new allocated password.
Instead of a new password, the zip file hides Trojan.Dropper.Oficla.G. As its name suggests – Trojan Dropper- this piece of malware contains malicious or potentially unwanted software which it ‘drops’ and installs on the system. Frequently, the dropper installs a backdoor which allows remote, clandestine access to the infected system. This backdoor may then be used by cybercriminals to upload and install additional malicious or potentially unwanted software on the system.
Infection rates are expected to boom because the social engineering behind this mechanism proves to be efficient. Facebook® is a highly popular social network and accessing it for discussions or for its popular applications has become a daily habit for very many people. No matter why they access the social network, the e-mail informing them about the alleged password change is likely to drive them towards the same result: open the file to take a look inside and ultimately… get infected.
In order to stay safe, BitDefender recommends you to never open the attachments coming from unknown contacts as well as to install and update a complete antimalware software solution.
Click Computers – Computer Repair Utah
Click Computers is Utah’s Onsite Computer Repair Specialists for your Home and Business