
Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev

Spamvertised 'Facebook. Your password has been changed!' emails lead to malware

By | April 14, 2011, 6:16am PDT

Summary: Attackers are currently spamvertising emails with malicious attachments that impersonate Facebook’s Support Team. Upon execution, the sample, Mal/Zbot-AV, drops additional malware.


Sample subjects:
“Facebook. Your password has been changed! [NUMBER]”
“Facebook. The new password to your account. [NUMBER]”
“Facebook Support. Personal data has been changed! [NUMBER]”

Sample message: Dear user of FaceBook. Your password is not safe! To secure your account the password has been changed automatically. Attached document contains a new password to your account and detailed information about new security measures.

Thank you for attention,
Administration of Facebook.

Users are advised to avoid interacting with suspicious attachments.
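
A mail-filter check for the lure described above, as an added example that is not part of the original article: it flags a message only when its subject matches one of the three quoted templates and the message carries an attachment. The digit pattern assumed for [NUMBER], the placeholder addresses and the file name are assumptions made for the example.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Subject templates quoted in the article. Assumption: "[NUMBER]" is a token
# containing digits (e.g. "48213" or "ID48213") and may be absent.
LURE_SUBJECT = re.compile(
    r"^Facebook(?: Support)?\. "
    r"(?:Your password has been changed!"
    r"|The new password to your account\."
    r"|Personal data has been changed!)"
    r"(?: \S*\d+\S*)?$",
    re.IGNORECASE,
)

def attachment_names(msg):
    """File names of all parts marked as attachments or carrying a filename."""
    return [part.get_filename() or "(unnamed)"
            for part in msg.walk()
            if part.get_content_disposition() == "attachment" or part.get_filename()]

def classify(raw):
    """Return (is_lure, attachment names) for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    # policy.default decodes RFC 2047 encoded words; collapse folded whitespace.
    subject = " ".join(str(msg["Subject"] or "").split())
    names = attachment_names(msg)
    return bool(LURE_SUBJECT.match(subject)) and bool(names), names

def sample(subject, attach):
    """Constructed test message; addresses and file name are placeholders."""
    m = EmailMessage()
    m["From"] = "support@example.invalid"
    m["To"] = "user@example.invalid"
    m["Subject"] = subject
    m.set_content("Attached document contains a new password to your account.")
    if attach:
        m.add_attachment(b"placeholder bytes", maintype="application",
                         subtype="zip", filename="placeholder.zip")
    return m.as_string()

if __name__ == "__main__":
    for subj, att in [("Facebook. Your password has been changed! 48213", True),
                      ("Facebook Support. Personal data has been changed! 7", True),
                      ("Facebook. Your password has been changed! 48213", False),
                      ("Your weekly Facebook digest", True)]:
        print(classify(sample(subj, att)), subj)
```

Requiring both conditions keeps attachment-free notifications with similar wording from being flagged; a match is a reason to quarantine the message for review, not proof of the payload.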


Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

RE: Spamvertised 'Facebook. Your password has been changed!' emails lead to malware
talih Updated - 12th Aug
Well done ! Thank you very much for professional templates and community edition

sesli chat sesli sohbet
So many people get fooled by false links in emails like this, perhaps email reader apps should open a popup when a user clicks on one, showing the actual email source domain, and the link's real destination, and ask for confirmation before opening the browser.
Another useful option would be to be able to block emails which originate in certain parts of the world.
Dream on...
@bicycle repair man - both of those would be a real good thing. My sister-in-law called me yesterday, she got an EMail from "Facebook Support" telling her that her account was suspended and she needed to scan her license and Social Sec card and include them in the reply. She was ready to comply but something made her call me first. I have personally been complaining to my ISP for a year about 221.0.0.0/8 - a few IPs in that /8 port scan me every 4 to 8 seconds, all day every day. All my ISP can say is "If we block it for you, it will be blocked for all our users" - Yea SO what I say, all to no avail. They suggest EMailing the abuse address, abuse@chinaunicom.cn - as if that hasn't already been done.

At least with some mail clients you can view the source.......
All good ideas, but the type of user that would open an "attachment from an unsafe source" (pretty sure mail programs mention something similar) isn't going to understand about domains. If it's got .com on the end of it and it's got the company's name anywhere before it (despite various dashes and dots afterwards) it's legit enough.
Thanks Microsoft!
james347 14th Apr 2011
If it wasn't for all the security holes/maleware/viruses/worms the internet wouldn't be the breeding ground for all of these problems.
What you talking about?
MrElectrifyer 14th Apr 2011
@james347 Shut your dirty hole noobish hater!
Actually, if it wasn't for fools like you who open and follow all these phishing emails there would be no problems. Quick, there's another Nigerian get rich quick email
@james347
"maleware"? Ignorant post. The attacks on users will continue so long as the users who receive these types of messages continue to fall for them. In other words, forever. This is no different than mail and phone call scams of yesteryear, just a different distribution channel. This is not an OS oriented attack.
I think a dodgy App on FB compromised my mailing list, the first I knew about it was undelivered mail being returned to my inbox containing a virus warning.
Didn't take long to remove that App, it only happened once but that was enough, no more Apps on that site for me.
Don't give up
MrElectrifyer 14th Apr 2011
@I Hate Malware
Try Tetris Battle, it's spam free (with Adblock+ on your side) grin
Facebook would notify you internally if they thought there was a security or other issue...you would never get a reset password e-mail from Facebook I don't believe (but I could be wrong).
When your account appears to be tampered with, they lock it down. You need to go through a couple hoops to get it opened again. They don't send you emails of crap.