Another new virus is spreading through social networks, this time, via Facebook. This one – known as Bredolab – masks itself as a “Password Reset Confirmation Email,” appears to come from Facebook, and attaches a file that purports to contain a new password. That file is actually a trojan horse that will download a host of nasty files from the Web and infect your computer with them. Email security firm MX Lab explains further:
“Bredolab is a trojan horse that downloads and executes files from the Internet, such as rogue anti-spyware. To bypass firewalls, it injects its own code into legitimate processes svchost.exe and explorer.exe. Bredolab contains anti-sandbox code (the trojan might quit itself when an external program investigates its actions).”
The way to avoid this one: if you didn’t request your password from Facebook, there’s no reason you should be getting a password reset confirmation email, so don’t open it. Further, even if you did, Facebook (
) would not send your new password as an attachment. Finally, f you’re still not sure, take a look at the full details of the email – if the mail server’s don’t belong to Facebook, you know the message is not legit.
