"Facebook Password Reset Confirmation" VIRUS ALAERT!

[BASSMAN]

Bredolab Trojan Lets Cyber Criminals Control Personal Computers



A new computer virus is making the rounds online, using the Facebook brand to trick unsuspecting users into downloading potentially vicious malware.

The virus arrives as an attachment to an e-mail claiming to be from Facebook. The subject line reads "Facebook Password Reset Confirmation" and purports to be from "The Facebook Team," according to Belgium-based security research firm MX Lab.

The message itself reads: "Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document."

But the attachment actually contains a nasty virus called the Bredolab Trojan, which security analysts have been tracking for a while.

Once downloaded, the virus gives the sender complete control of the target computer, allowing cyber criminals to potentially spy on users of the computer or use it to steal personal information or distribute more spam.

[Geek]

Thanks for the tip.... I will be expecting more business shortly

[scottsax]

Children, talk to your parents about phishing scams and trojan viruses. Prevention starts at home!

[Tubesnout23]

Thanks for the info!

[ArcticDiver]

Wonder if this is related to this I get on FB? I replied a couple times and then just ignored it. Nothing seems to happen.

"Please update your email addressOur systems have detected that xxxxxxxxxx is no longer a valid email. Facebook requires all users to maintain an active contact email. Please enter and confirm a new contact email below:

New Email:
If you believe you have received this message in error, please reconfirm your current email."

[Norris]

yes that is the usual delivery of a phishing site. it will then take you to a page that looks just like facebook but isnt. Usually checking the URL when you are wondering will help. If it doesnt start with http://www.facebook.com then it is most likely just trying to get your login info.

[ArcticDiver]

yes that is the usual delivery of a phishing site. it will then take you to a page that looks just like facebook but isnt. Usually checking the URL when you are wondering will help. If it doesnt start with http://www.facebook.com then it is most likely just trying to get your login info.

Gotta confess that paranoid as I am I was had by this. Fortunately I went through the password reset rigamarole after that and have ignored the message since then. So the phishing site has my email but not my password. So they don't really have anything than my email address. Since then none of my scanners have turned up any malware on this machine.

[Norris]

Not a worry for a local virus, usually phishing sites grab login info so they can send stuff out as you such as posting ads for various things as your status and such. Good call on not giving a password.

[ArcticDiver]

Not a worry for a local virus, usually phishing sites grab login info so they can send stuff out as you such as posting ads for various things as your status and such. Good call on not giving a password.

Doesn't everyone use different passwords for different sites? Or, at least different category of sites? If the phisher had my Facebook password all they could do was use it for that site.

Posing as me, eh? As long as they don't put child porn on my machine like happened to that poor schmuck who was in the news not sure they'd benefit much.

But, I have to confess I did my Facebook thing and now seldom go there. Well, seldom by my standards which are far from cosmic in time frame.

[Norris]

I use the same password for social sites and a much more encrypted one for Charles Schwab, Bank, email and that sort of thing. I would suggest to anyone that they do the same. I mean if someone got your facebook login, and they were the shady people they are, why not go and try it at some bank sites, and paypal??

[BASSMAN]

from what I read about it it is not just trying to get your password but it is a way for you to invite this "Trjan Virus" into your computer. If you don't click the link you will not get it.
I have already been asked to go to links like this on different terms.

[Norris]

Ahh yeah I just read that too. So there was an email with an attachment sent to users? I do not EVER open attachements from anywhere unless they are from friends. If you ever get a wierd "out of ordinary" email like this, I would suggest pasting the subject line into Google/Bing, and hit go. You are generally not the first to get it, and someone has already, most likely, cracked the case.

[ArcticDiver]

I don't know about otherISPs; but both of our major ones here in AK have some pretty obnoxious filters. They can be set up by the user. But, even then, unless the user puts a domain or address on the White List just about every known malware is filtered out before it gets to the user. In fact sometimes they filter even desired stuff.

Back to phishing for a minute. I understand wanting a user's passphrase and then trying it on other sites. But, even on this site what can someone do with a UserID and Passphrase other than post posing as the user?

[Norris]

Well I know generally on like FB and such spammers like to get them so they can spam ads and sites to all your homies. I think most of it is automated too so that once you put the info into the site the spamming begins. The cool thing is that generally your password doesnt get changed so once your friends get them and you see it happening, you can go change your password and it stops.

It makes you wonder though, what percentage of logins collected can get you into a paypal or bank site too?

[ArcticDiver]

Thanks. It seems that the only people who can get more than just annoyed are those who don't use different passphrases for at least different categories of sites.

[spatz84]

we just got this thing today only it use the phrase that our Facebook account was going to be deactivated do to suspicious behavior and that if we wanted more information on the problem open the attachment to look into it further. I did but nothing happend I notice that the URL line read HotHotgirls or something to that effect and I quickly shut it down. A moment later the Norton pop up displayed and said that an attempt against our system had been blocked. I hope that it actualy worked and who ever the LOW LIFE,SCUM BALL,DIRT BAG, BOTTEM FEEDER, ASS NUGGETS on the other end of these types of things were foiled for the day!

[Old Nubbins]

Better unplug that thing