Fake Facebook Phishing
We’ve been receiving fake phishing emails with instructions on the “new” facebook login system. If you receive this email, don’t click on the links!
Here’s another variation I’ve been receiving:
Subject: Facebook Password Reset Confirmation
Hey jim ,
Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.
Thanks,
The Facebook Team
Attached to this email is a zip file, which is bound to be carrying something pretty nasty. I scanned it with Microsoft Security Essentials and received this report:
Detected Items: TrojanDownloader:Win32/Bredolab.X
Category: Trojan Downloader
Description: This program is dangerous and downloads other programs.
Recommendation: Remove this software immediately.
Microsoft Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the ‘Allow’ action and click ‘Apply actions’. If this option is not available, log on as administrator or ask the local administrator for help.
Items:
containerfile:C:\tmp\Facebook_Password_c89a7.zip
file:C:\tmp\Facebook_Password_c89a7.zip->Facebook_Password_c89a7.exe->(UPX)
file:C:\tmp\Facebook_Password_c89a7.zip->Facebook_Password_c89a7.exe->[DynDrop]->(UPX)