
Facebook users targeted by botnet spam

Matthew Hopson   on 30 October 2009 - 11:30 · 23 comments & 6171 views

Facebook users have been targeted by a large-scale spam attack that informs them that their password has been reset and that the attached zip archive contains their new password. Instead of a new password, users will find a trojan downloader, dubbed "Bredlab" or "Bredolab" by anti-virus companies.

The downloader then fetches additional malware from two servers, including fake anti-virus software, and joins the infected PC to the Bredolab botnet. This gives attackers full control of the PC, allowing them to steal user information or use the machine to send spam emails. One of the servers is based in the Netherlands and the other in Kazakhstan, according to an alert from Websense, a security research company.

Security companies, including Symantec, Trend Micro, MX Lab and Websense, have issued warnings about the attack. Shunichi Imano, a security researcher at Symantec, told users on the firm's security blog: "This variant of Bredolab connects to a Russian domain and the infected machine is most likely becoming part of a Bredolab botnet."

Jamie Tomasello, abuse operations manager for Cloudmark, a messaging security company, said that her company has detected around 735,000 of the phony Facebook messages since Monday, and that the count continues to rise. "It's a pretty high volume," she said.
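The lure described above has two parts that a mail gateway can check independently: a "your password has been reset" message body, and a zip attachment whose only content is an executable. The following triage routine is an added example written for this article, not code from Websense, Symantec or any of the vendors quoted; the sample message it builds is constructed here (the archive holds a harmless placeholder, not a real binary), and the function and phrase-list names are this example's own.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Phrases from the lure described in the article (lower-cased for matching).
LURE_PHRASES = ("password has been reset", "new password")
# Windows-executable suffixes commonly hidden inside a zip attachment.
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".com", ".pif", ".bat")


def build_sample_message() -> bytes:
    """Constructed message imitating the Facebook 'password reset' lure.
    The zipped 'executable' is placeholder text, not malware."""
    msg = EmailMessage()
    msg["From"] = "The Facebook Team <service@example.invalid>"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Facebook Password Reset Confirmation"
    msg.set_content("Your password has been reset. Your new password is in the attached document.")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Facebook_Password_4cf91.exe", b"placeholder, not a real binary")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Facebook_Password_4cf91.zip")
    return msg.as_bytes()


def build_benign_message() -> bytes:
    """Constructed ordinary notification with no attachment, for comparison."""
    msg = EmailMessage()
    msg["From"] = "notifications@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "You have a new friend request"
    msg.set_content("Log in to the site to view the request.")
    return msg.as_bytes()


def zip_member_names(data: bytes) -> list[str]:
    """List archive members without extracting; a corrupt archive yields []."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.namelist()
    except zipfile.BadZipFile:
        return []


def triage(raw: bytes) -> dict:
    """Flag a message that combines the password-reset lure with a zipped executable."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = ((msg["Subject"] or "") + " " + (body.get_content() if body else "")).lower()
    lure = any(phrase in text for phrase in LURE_PHRASES)

    executables = []
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        # Check the magic bytes as well as the name: a renamed zip is still a zip.
        if fname.endswith(".zip") or payload[:2] == b"PK":
            executables += [n for n in zip_member_names(payload)
                            if n.lower().endswith(EXECUTABLE_SUFFIXES)]

    return {
        "lure_text": lure,
        "executables_in_zip": executables,
        "quarantine": lure and bool(executables),
    }


if __name__ == "__main__":
    print(triage(build_sample_message()))
    print(triage(build_benign_message()))
```

Either signal alone is weak: genuine password-reset notices exist, and zipped installers are sent legitimately. Requiring both, and inspecting the archive listing rather than trusting the attachment name, is what separates this lure from ordinary traffic without extracting or running anything.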


Image source: Websense

Comments (23)
(7 replies) #1 thealexweb on 30 Oct 2009 - 12:16
Who's using outlook express?
#1.1 iamwhoiam on 30 Oct 2009 - 13:56
Anyone who uses Windows Live Mail Essentials would also be using OE as it's just a reskinned version.
#1.2 thealexweb on 30 Oct 2009 - 14:01
iamwhoiam said,
Anyone who uses Windows Live Mail Essentials would also be using OE as it's just a reskinned version.

I think a little more work than a reskin was done to make Windows Live Mail.
#1.3 C_Guy on 30 Oct 2009 - 15:32
I think you missed the entire point of the article. Try again.
#1.4 +Kirkburn on 30 Oct 2009 - 15:54
iamwhoiam said,
Anyone who uses Windows Live Mail Essentials would also be using OE as it's just a reskinned version.

By that standard, any programs that do similar stuff are just reskins of each other.
#1.5 ozgeek on 30 Oct 2009 - 18:04
Oh does it matter!!!??? It does the same thing as "pretty" Live Mail. This is like "who still uses music CDs when you can buy then download them off the net?" Just because there is something new doesn't mean you must upgrade.

That's the problem with society today. Everyone thinks they should upgrade when they DON'T REALLY NEED TO.
#1.6 +Nightwind Hawk on 31 Oct 2009 - 03:10
C_Guy said,
I think you missed the entire point of the article. Try again.

lolol
#1.7 Electric Jolt on 31 Oct 2009 - 20:51
We think it's random to show Outlook Express running on Windows XP. We are using Windows 7 now and it doesn't even come with Windows Mail yet alone Outlook Express. It's so random seeing Outlook Express being used in 2009 going on 2010. It shows how everybody is not protected by the latest version of Windows.

It doesn't even have cleartype on!

ozgeek: Are you 50+ years old? Maybe you should stop coming here to a tech news website when you want to listen to old news from 8 years ago.
#2 Tsusai on 30 Oct 2009 - 12:52
The same kind of people who fall for this or those "Your PC is infected, please download me" ads I guess
#3 Majesticmerc on 30 Oct 2009 - 13:24
Cheers for the info! You can guarantee that someone on my Facebook is going to open that attachment.
(1 reply) #4 +majortom1981 on 30 Oct 2009 - 13:50
I must say I have gotten these phishing attempts but they always are in my spam folder. AOL Mail's spam folder has been doing pretty well so far.
#4.1 +mrbester on 30 Oct 2009 - 15:52
I also. The biggest give-away was that they have yet to be sent to the email address I used for the signup, so this isn't as a result of hacking access details but just another carpet bombing.
#5 n_K on 30 Oct 2009 - 13:53
I got this 2 days ago, two of them, but it was for MySpace not Facebook. I've got neither so it's quite a fail for me.
(3 replies) #6 Xenomorph on 30 Oct 2009 - 16:29
This kind of thing is for stupid users only.

Who cares if they get infected? THEY are doing it to themselves. Let them pay Geek Squad $200 to clean their systems over and over.
Maybe they will learn after a while.
#6.1 Mega Goatlord on 30 Oct 2009 - 17:23
Yes yes, because only really 'smart' people are the computer-savvy geeks. Would you call your mother or grandparents 'stupid'?
#6.2 CyberDragon777 on 30 Oct 2009 - 18:39
Yeah.

Don't forget that when the Bredolab botnet fills your email inbox with spam or DDoS-es your server.
#6.3 Tim Dawg on 01 Nov 2009 - 05:39
Yeah I don't want the stupids to be infected either. They all contribute to the massive bot-nets out there waiting to do damage. Sorry, we have to protect the stupids.
#7 pyehac on 30 Oct 2009 - 17:43
Just once, I'd love to get an email with a bad attachment.
#8 MtDewCodeRedFreak on 30 Oct 2009 - 18:22
Haa - even my mom has gotten pretty computer-savvy.

It's for stupid users that click on everything. *rolls eyes*
#9 Deadboy on 31 Oct 2009 - 00:27
Awwwww s%$# r u guys serious? That was a trojan? Damn
#10 Frylock86 on 02 Nov 2009 - 12:25
Seriously, has anyone ever heard of ClearType!?
#11 Atlonite on 03 Nov 2009 - 06:11
See, just another reason to NOT use these social networking sites like facebook bibo twater.
#12 brucearnold on 07 Nov 2009 - 12:05
Big Brother Has a Name, and that Name is CLOUDMARK: This 1984-ish content-based "spam signature" filter gives Network Solutions and other web hosts and ISPs complete control over what emails YOU are allowed to send or receive. They can define whatever they choose to be a "spam signature", including the name of a cause they don't support, or the business telephone numbers of people who do. Here is how I know: tinyurl[dot]com/Cloudmark
