Facebook password-reset spam is Bredolab botnet attack

Virus hunters are raising the alarm for a large-scale spam attack that uses fake Facebook password-reset messages to trick PC users into downloading a dangerous piece of malware.

The malicious executable is tied to the Bredolab botnet, which has been linked to massive spam runs and identity-theft-related attacks.

Here's a sample of the Facebook password-reset messages hitting e-mail inboxes this morning:

According to Websense, the sender address is spoofed to display "support@facebook.com," a common tactic for convincing targets that the e-mail is a legitimate message from the popular social network.

The messages contain a .zip file attachment with an .exe file that connects to two servers to download additional malicious files and joins the Bredolab botnet, which gives the attackers full control of the PC: they can, for example, steal customer information or send spam e-mails. One of the servers is in the Netherlands and the other is in Kazakhstan.
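As an added example (not code from the article or from Websense), here is a mail-gateway style check for the two traits described above: a claimed facebook.com sender that does not match the envelope sender, and a .zip attachment holding an executable. The sample message, its file names and the mailer.example domain are constructed, and the Return-Path comparison is a heuristic assumed here rather than something the article describes.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif")

def build_sample():
    """Constructed message: claims facebook.com, carries a zip holding an .exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("document.exe", b"MZ constructed placeholder, not real code")
    msg = EmailMessage()
    msg["From"] = "Facebook Support <support@facebook.com>"
    msg["Return-Path"] = "<bounce@mailer.example>"  # constructed envelope sender
    msg["Subject"] = "Password reset (constructed sample)"
    msg.set_content("See the attached file.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="attachment.zip")
    return msg.as_bytes()

def domain_of(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def inspect_message(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    from_dom, rp_dom = domain_of(msg.get("From")), domain_of(msg.get("Return-Path"))
    # Heuristic only: SPF/DKIM/DMARC results are the authoritative signal.
    if from_dom and rp_dom and from_dom != rp_dom:
        findings.append(f"sender-mismatch: From={from_dom} Return-Path={rp_dom}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if name.endswith(EXECUTABLE_EXTS):
            findings.append(f"executable-attachment: {name}")
        elif zipfile.is_zipfile(io.BytesIO(data)):
            # Look inside the archive without extracting anything to disk.
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    if member.lower().endswith(EXECUTABLE_EXTS):
                        findings.append(f"executable-in-zip: {name} -> {member}")
    return findings

if __name__ == "__main__":
    for finding in inspect_message(build_sample()):
        print(finding)
```

A mismatch between From and Return-Path also occurs with legitimate bulk mailers, so treat that finding as a scoring input and the executable-in-zip finding as the stronger signal.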

  • For heaven's sake ...

    Could we be a little bit more specific?

    "...password-reset messages to trick PC users into downloading a dangerous piece of malware."

    Does "PC" mean Windows? I'm guessing because I see the words "PC" and "malware" in the same sentence, oh, and your screen shot is Windows. Is that an accurate guess?

    A mention of affected platform(s) would be appreciated by your readers. Let's not just tell half the story.

    Thanks in advance for your reply

    • Affected platform?

      It is a trojan. All platforms are affected.
      • re:Affected platform? Yes, Affected platform?

        "All platforms are affected".

        "The messages contain a .zip file attachment with an .exe file..."

        Are you sure about that?

        Thanks for your reply

        • Yes, I'm sure

          All platforms are affected by trojans.
          • I really wasn't ...

            ... looking for the definition of a trojan horse (http://www.irchelp.org/irchelp/security/trojan.html#how).

            The question was about this article's malware specifically.

            Thanks anyway.

          • Ah, I didn't realize

            Yes, this particular trojan coincidentally uses the Windows API and so anyone not running Windows is probably not affected by this particular trojan in the same way that Windows users are immune from OS X and Linux trojans: http://en.wikipedia.org/wiki/Linux_malware#Trojans

            Windows is also immune to all the problems associated with WINE and Parallels as other OSs desperately try to give their users access to the Windows API. :)
          • RE: Troll vs. Troll

            NZ - you never cease to amaze me.

            n0neXn0ne actually brought up a good point with his post, whether or
            not it was intended to be a trolling attempt.

            Yes, NZ, trojans do, in fact, have the ability to affect users of many
            different platforms, depending on the platform that they were written
            to attack. So, as far as that is concerned, you are correct.

            However, in the case of this blog post, it is, indeed, a bit unspecific
            about the particular platform that is affected. PC does, in fact, mean
            personal computer, regardless of actual OS or platform, or whether or
            not one company decides to brand the term PC as applying to
            Windows based machines in its commercials or not.

            In the case of this article, I have to agree with n0neXn0ne, in that it
            would have been more appropriate to specify that the trojan in
            question does indeed affect only users of Windows based machines, if
            only for the sake of assisting with people who may not be aware of the
            differences in platforms when it comes to the actual OS and the ability
            of malware to infect varying machines.

            Granted, simply posting "PC" in general does have the added effect of
            helping those who don't have a clue about any of this become more
            conscious of ANY suspect mails that might come their way.

            As for you, NZ, I have no choice but to compliment you on your
            apparently rapidly growing ability to create a rather impressive
            trackback tree based on your intentionally inflammatory comments -
            I'm not so sure what the marketable points of such a niche skill-set
            are, but surely, you can use that to create a career in the entertainment
            industry somewhere. Or perhaps writing for a dictator in a third world
            country. Or something. I wish you luck in your future herring
            generating endeavours, good sir.
          • His statement is right

            All platforms are effected by Trojan's



          • "His statement is right"

            All platforms are effected by Trojan's
            actually it should read
            All platforms are [u]a[/u]ffected by User stupidity otherwise known as
            human error or social engineering:-) as to Trojan's
            "Special skill may be needed for tricking the user to run the (trojan)
            program in the first place."
        • Incorrect

          Incorrect. Just because it's a trojan doesn't mean it affects all platforms,
          and as n0neXn0ne pointed out this trojan is an exe which means it can
          only work on Windows or maybe Wine.
      • All platforms? With a ".exe" file carrying the payload?

        This is gonna be good...
        The Mentalist
        • Name a PC OS that is immune to trojans

          This is gonna be good...
          • re: Name a PC OS that is immune to trojans

            Can you name one cross-platform trojan?

            "This is gonna be good..."

          • Why does it need to be a cross-platform trojan?

            The fact that Linux trojans target Linux, OS X trojans target OS X, and Windows trojans target Windows means that users of all OSs must utilize some form of common sense when installing applications as root / administrator. The defense for trojans is the same, no matter what OS you use. If I were to email you a Linux executable and asked you to run it as root, would you?
          • Please report specific cases where it occurred

            Your words alone just won't cut it.
            The Mentalist