Prev: i'm curious about unit testing
Next: confirmation of what functions open_basedir will restrict?
From: Allen McCabe on 23 Mar 2010 21:04
*Importance:* High



All:



If you are a Facebook user, you may have recently received an email with the
subject: *Facebook Password Reset Confirmation Customer Support.
**The *address
of the sender is spoofed to display support(a)facebook.com



*THIS IS MALWARE BOTNET – DO NOT OPEN THIS MESSAGE!*



The message reads, “*Dear user of Facebook, Because of the measures taken to
provide safety to our clients, your password has been changed. You can find
your new password in attached document. Thanks, Your Facebook.*”

*According to TrendMicro, “The malware being delivered is a botnet and is
called ‘BredoLab.’ It has been occasionally spread by spam since May of
2009,**” **There have been at least eight versions of the Facebook BredoLab
malware observed since March 16, 2010**. *

*“**What is troubling is the newer versions of the BredoLab used in this
latest attack campaign are not being detected by the majority of anti-virus
services — and that means the majority of users who unwittingly click on the
bogus attachments linked to fake e-mails are going to have their computers
infected**“. *To bypass firewalls, it injects its own code into legitimate
processes.**

The malicious executable is linked to the Bredolab botnet, which has been
linked to massive spam runs and identity-theft related attacks.



BREDOLAB is a software that enables cybercriminal organizations to deliver
any kind of software to its victims. Once a user’s machine is infected by
BREDOLAB, it will receive regular malware updates the same way it receives
software updates from the user’s security vendor.



To clean and protect your home machine, both anti-virus and
anti-malware/anti-spyware software should be run daily (or nightly).
 | 
Pages: 1
Prev: i'm curious about unit testing
Next: confirmation of what functions open_basedir will restrict?