Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Facebook Password Spam Conceals Malware Attack



 By: Brian Prince
2009-10-28
Article Rating:starstarstarstarstar / 21


There are 10 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Researchers at several security firms have uncovered a spam campaign targeting Facebook users. The e-mails, which pose as communications from Facebook about password resets, contain a nasty downloader that ultimately makes users part of a notorious botnet.

Researchers at several security firms have tied the Bredolab Trojan to a spam campaign targeting Facebook users.

The malware is being blasted out by spammers in e-mails claiming to come from The Facebook Team." Inside the e-mails is a message that the recipient's Facebook password has been changed. In order to get the new one, recipients are told to open the accompanying attachment containing the malware.

 Researchers at Websense told eWEEK Oct. 27 that they have observed more than 350,000 of the messages. On the companys blog, researchers explained that the malware connects to two servers to download additional malicious files. Among them is Pushdo, also known as Cutwail.

"One of the first things we saw this Trojan horse download was the Pushdo bot which began spamming out more of these Facebook password reset emails, according to M86 Security. 

Resource Library:

MX Logic noted that Bredolab bypasses firewalls by injecting its own code into the legitimate process svchost.exe and explorer.exe. It also contains anti-sandbox code to thwart researchers, and creates the following files: %AppData%\wiaservg.log,
%Windir%\temp\wpv861256600826.exe and %Programs%\Startup\isqsys32.exe. Bredolab also creates the processes isqsys32.exe and svchost.exe.

Sophos is detecting the malware as Troj/BredoZp-M or Mal/Bredo-A.

"Don't make life easy for the hackers hell-bent on infecting your computer, stealing your identity and emptying your bank account - exercise caution when you receive unsolicited emails and protect your computer with up-to-date security software," Graham Cluley, senior technology consultant at Sophos, advised in a blog post.

 

 

 

 

 





  Reader Comments: Facebook Password Spam Conceals Malware Attack
>>> Post your comment now!
A user comment on this article
I haven't had this happen to me yet, but I have had a couple of friends who were hacked. Their Facebook pages sent out stuff saying "yyou haavee to...
Posted At: 11-11-09
By: Anonymous
No Help Facebook
I agree with you. I too had a toigh time looking for simple "contact us" link and cd not find one. I found several users had complained about it as...
Posted At: 11-03-09
By: Anonymous
Facebook User
You clearly use facebook to much!!!! (Like)
Posted At: 10-30-09
By: Unlike
A user comment on this article
Everyone forgets the first rule of security -- all the security in the world is fine until it inconveniences users, then they will ignore and...
Posted At: 10-29-09
By: Anonymous
A user comment on this article
One would also expect someone who was submitting a fraudulent email to just forward it to abuse@domain
Posted At: 10-29-09
By: Anonymous
Unhelpful Facebook on The Facebook Scam
I got a bunch of these emails and the very first I received I tried to report it; discovered Facebook ain't very helpful for this (surprise,...
Posted At: 10-29-09
By: Siddharth Kalelkar
What's a digital signature?
Unless and until email clients of all kinds can make digital signatures easy to use & verify, that's an uphill battle. Without them, the use of...
Posted At: 10-29-09
By: Anonymous
>>> Post your comment now!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Brian Prince
 


x}r۸j9km]mGJɶkŶ,%^I*EBERv \?g3UY|vn3 72`q|&ko`Txp@kMmW ؓ׌ڭAx)B(#bF]߂KCI%_qؓ&thluD`YRi 3 LmfC1+kT9R>l[Gݑ[#XsIzVHaSO*!)lpi#¼'@>x u-C¿{+߀Cݸ1̷_M[좖b6Z oO |lM=P~ %DhOG@uh3 2n eþ=Je_+aV+Cxxo9{ؖ3bTzEÝ5{JU4Eٿ]vή $(֝[pm+iu]+i0n{'ݏ7y@α{A>od}#5}&UJDZ-i& 0h!5&tt:~Xst\㍒~_p~y)ڡVR]F[V@a`%pfQUe>Oe}}uI}|vti",3SA4 ̠+`WKe`9=y\toz{MN;'w:Rڟ+̪k*~k! /~oLmrG,.iTW%᧓qULBxy$Y)IqN X-t[ۗRH }c-AX*,>Ja͢4-I` ߖI@7[)@ K:YK7BS_g]p a4F@Lt&h)5?&b.L2<|)=:-`i˫ TE嗋mESu= (J!bN3E !\J!=! g|8Jn΋|? [Z&ѻfmќ-Ӆ]WcL^cL .Cuv}BzW^?]{ֻ6LqJjh.B2iKB0qkꛛZ۵Tf~X}U95zQnʼnl :2X jXR7HaQ/ogtA`:)ѧ!>RӚMCqRO#Gs>H2胎6mb8-" ,70}HOqI 4o Qx٭lE%_¤< ) FA=H:]6(Z\?`c VC@B뎂9{׿ޚB"QޒС4aqj =*~3=w}   @lk 6G~[>l03ţF\JQzODȧH.B$(ZȻ"!Aly [$t XV0(V ar T<ʦBIʗJd&3,BV-KїPf%i2klƲń(VFN1|(0VRx5Rn,`oʡW鐦 2,X< >řhf&i &蝐`3Ґ( s?{\ g!a\t0x>fXfZ1kpBa"@dU nN-˘ R g?f0-qڛyE"yTX!3=Ͱ&q_9G+oozjr&=|YrY۶ۿi RMMUPS7˕L<+׬ePM g2)*[hY8:[(,O7\EYbꞦ৚q,H1,g0dz?;V@q=1S7RtZC+>q^i.:[@OeUZpz{-UWv/KƠR?uJiO,ohm_yʠuiLGe -" IHf(XKKezlxӇ8$&lE6LE?in Py\{8`O7l{`(`R5 )KJ0vW4E%Xf&`ܲ% 6%P$7S~8!k^͆Xy>]| ==r3C618yeD6'QZ^-B.,g \mpj \ GZ.LAqA02]y5/*og;fc p+\s.K 7āhͰZh`]u6$\ޭSRj)3LZޙ(@yL;2"tn\1$6/Pk .a@C%)& c^apEBk ZC疪bd&ܔwц.[XR]OqPeУGjq~ᇆ9(#_0hh<^HzT%דCjvXVkqv 3*(Si 7Sc`9g?7`3|x+UXY81f-1_0+E /k,5 +i fR9!} leA{ 늦 ?+[+^>F+ E{h0 qDNUiBH@%liA -@2x6p~ey@Ls5F8baj4X[ 蟆%}gjoB64F@2( Cs]QYR;aC餸3>(/M3$J1N*,7ؔAԉ~g׆'yϤͬh#|5y,>,SԵhse)s@J>Z^A-H{jFN2M1:LM}^DQW5B9dLfQJ'1•0cg% z [ ٔY]}2Jz߼AFh%tb=M#X<_"w~§gcc~GfqH)Yf:al<6`rO18МN%Z*`ҖMPVťl䘇%b "K,8.h!2"=%CXMV\7@aOo[\JEVK`qՁDZ%y9HǞ1]]2Y֘zֱ4> ʀkӘG2cFTYhVmZ\wmoLJ.=rDo B) u(=6-:o] Lc~8M2aݺ=n48 Z&I:Ę 36Q B @ItOלY0vx.|BZOUc!)zF E0W:=wg'u3fEghDu>ho9Kj}K_cOߗfٿh<"m{pXdJq+G=#$uSPӃۜr; 1dy!B(Í7w jE5pXIS"9oթ$-ݱi'> ^ax!wl q%ӝr* rAٸEO[,rm-̑s8S|AGJ脚bye5-e3O5NRMLC]OC/($;+B6xs gaM6mn3gjt.m6Dr0Y,7[ .VlG0_Ӹ\bw[D XY+oxetװ>CT䵴f[YUHO~,b.Lx`Ƌ(9+rq=ԥ_.vwX̧{E~(rFntR7ÝԆ+^@)s^EXL1kx'gYZ*t0w쯁 8dcΣdfcT cv2O7&]Z9X1c6qwvh!(;A\[µ“㻞0]mYz}h^&})'AuhaJwjin6`4 ݣvV:}'i?v;޽qܶ`M#}ݾJf9k^d̠t4s }!.`0^.Eu?h2i~JMݹicVD)]Kĵ"v9KJIɇym^zSDD6Kh#iv.R%o14m*z>535"i 1N6;w1_t` AAXŀ0!V lKG s8Aid=hl|nwcJdjl 81Qhi_٦h " Va' FYC,GIIbwl['GGo-:XQ|=L8s{C8lRSgLmXS|  \(\@Ӟ܊EQ@(2.mE.zQv%Fc7Y+x˗t8=qPJp!gK.`<{E=҇O$hX/iO!gaˤrȒ+lxjwa@(1:*hw=R!}g{۰z+d QoӰǓˎj<>9bYvykp'O+`_tՍ* .#NbœCWxLybP 7oYt% 2g `Y8?NN]=(}$IȘMx(]BlCAWWAgIML# R]l!1%4qyb:CNikg $R$mƆ 6#䯰M! Y#і?\Z>pj(]o&+}@#"іpKzEa,P",aeᲀfwsI.:MYBR B~ ]̀,,o 7$U \>ڳOaC cw J(ҩnСwH7DV(~kEA+kBq$Hs۳mʂcA<yp"Y\M\"L UVo| >0~&NiZ`ǑdS&)kseNYT9>3@iD*%7F}$ O϶F6s nm")ꦌPyv}ug)R}3{8PrK>XI-!p k%T+;BX+x+ʵZABX+ߗ {VE{Nj5ضIZmSή>g<2#Tz3 Hg&JGHR 3)H[KX}^DDْ?bQݔj/8YVpn ҄/8㔕Jl2 "z w +n?M\H\t0we_LK)"x03> »MI[e];c7lT)md*ϲ+ϥޱc&] S3{`nsf}aַ{oSsLcD#] /SKXm`ku0|آ?<*땈)RXc KRˑi*ps&2폝ԝ6xMQX >xܚbbL@u2#ijY- 5dG0088]JCdjĄؚͭ_ِU/%t҅ncb9qD\ݹfhhjRAQ7 z$3j ќx,YO{C{WL58f^r*YBH#X1z];&\gp']1 =M{AzJ)'Rd/Mu>р\JM\rgt0;d.Koao|CNy$)6XQsU{(o03L^),y溷\=vhBv|l*/~G¾i2 _ 3i:{%]2LKRݹrHM~c)᫉a~|=r-r͵U^0"FǮmxS/y*C'hr랋.eӑ9#7u"\ɠ Q%fmܦvO䑦gP }wB:TsFԧ(e):IS0FT MjD'Xy'"^.ºT俙t0ĿcW&੆_gÛ^51\0us=ݶ H^$" ;PZǃ20Dul+mz T3pYf z;GS+sXTR Z!ߤ<ljm_may^h$/*귵O]:`5H n=6Lpzlï^JYf%e։I!V$^S&e3l~oYt7=|nG98X Oa /]ޮ)c>ܹJ&* =KG`-[g@U4j"ohOҗe>C &Hm~98Ŵj+)8he;J2na#x|]=[G?=eO) xϓ-ϲ=9/ 30Ӛo?&pK4+uDJF/xTݦ!ej̜?m-Y?O0I_7n=yK/(9u{ga(w'k~t'(C^P"^]’ M}1P7nǾ;s̃H՗k}$K , 1ckzzD,?t"RЮ(> 03B,ޕA%ge3-Ou{(P<ΙTh,ZNtDĥ+c._ZMWK.K\G" *ߕlW1 {BZ{TeskɧjRUBI ՁkZk>A5R9}fZӚbfچX50^VzZ3!|mzZC.u`.қ≡37:QSYۼI@p찌71*tMlG2C`m4,\ |!BπTa˓5BYQd PNS:9;fBs.kXl; +\W3u~ -0 +Hу%S}k*qd}TK[RJH`o2$,b֢@N cˡq\o7zh_\A/Y!}D q$C+ ^`׍kd̑̉V:u_`i;t]kt+ 3>нg3B;w^?r}sι}?Wٹ9Z`3+nsl+ZKɶ8+YlwNQgg)q8 @ș莥epߥ~RJHUTm߉fFܞUk zJ <0]LRLmE5dM-ã|U:^|%w۶6 C~Q:co{1I XPp+ႎ|xUk{Vy%;jNѻ ̋(LKt4*:i6ɝ5&&sk{@\-q 81q,z Ye!.փފ> -sF@Yf!s/4O]YUc `< q}nG~huew= deȃ;C}m!Lw<S=JKa=Sb8 0JAnj?[''vq]QIx6O x7tX$l.cbH!̆\oX|J7b7|$rkIC91˞0%s~! gL-Fw DB"c)41GJ["1}ɹcMN퓔pxXҚ0!<RAA6"))ĴF,7$`"1a9=c3bw`El/ŧn犉1JOs\-"@e=DqEC X@D)(bU 7OTYPk,(ϩpk2ꥦH0^efc) '.X`,rej߀dz?,Gza~2x :0fé-ݳ5KjltQQ({b8M u?؃3,ȏ(nN ѹr~LR ] 4Bq0hpWvtE 1ºޛXF #}AaP8Z  +z+uT'I]W@)9#{˪<ś&nVoDz+YT(sI+;}^hh t0 c3brOtvcٺ:DNפENmp;\;K~q<-¶-j=uuO>w>v.Wם~yj0cAl\_d _T Q9l]28SM1B*rKxu< /g%Lqx&m}|?_C)Qe3ʋ, q~4ab ^X1o\{=-ZI ƋxY^ Ȥou[9}Ng(S~ ׫ˏ[.wsʑO'c(?^]~ 9͡;Vu ͳI9)ureN9B}/Z]~sl׼ " {C E}./?/r"?QF/ssϠ,P ()K..n~+r޿rs/(_r#+>1~7P~W{ÿ7MN779$)gVpv*esS^)4rR}~ )P9PϪ ~2*R@^W~ su=I+ťfW*7yKxM}%+zᘴ[˺rn@ ȣ{i K{#68xEB+gٔ@#X{#uJJݓs+z`~J\]N9b}+r>V=ןbMedGE⬏G\%[n3'rO=?QǒGЬg]#=DCD?|k2YwI89{\pm`L_T-AhOW,873W5#8';ZʈPsvdmoCdrܫٝx|ʮ ܅ \gU9n{d4qa n9_#|@/k/g >赏?\woҾlZ36J쓭? }MF`MTV)pFF,R |c ,~(7a4Ѝ 5z$ Y;8{om Dǝ1K7́a[C o6eM+5VkZpwrD&0qG LcjJ]Nlժ~\,)g /(@#غ̷7|Q'C7":iRq x+M!'\Ix'»*aһLŗ1%{73/ ~*ev3*(G2Ă)Ee€;+Lb`lJ / rg z5|L:Aۆޞ3,ڕ"o,wPs@&{L"x.,U~f.g- İG9Юǣc7ˡB?3; [ ^2=A|#& .Lykz~;a,# "eBsOB` ,k?=[nUc5$7SS ɽErb|0963H+fU_QAs |qm[<pN%do?mMxQgrIq-L&$ʗPff^3&2Ϡ7G"U?Iی6T#&[o"9ݜӿ2aс(Yœ{XmD8k9t}y x_  NYȅ=y 1G;S3U1֜/gзd쥽%˷}Yq v.}xFʫu\|>)4ͤ#\twў|7(6؎|!OG ϿayHO)t&I`Q'1^S ̃NN-Gw U|ٲs9ebV)qmeGf[-[ @ O<CZ24a (fzc<9znG}L޴eHPWϗݜO ,OXo|8j/dZrO}oI C_?e <+1 <&`cܢO\nnic.KE0&(Xp\GAVΙَ>i3;nr$cBLN7 S 3pRaL  b[и/F"FԂ'g"eW~)IDy)/̀/P>q&'\ƕE_Sq|:o/܍S,{ٗN[O<|;XYt0y܎3Jbq')iwޝwϻ X7u㖗߿~<6EKB^ T>Vurҹ|C&ȕ/g5F#-<#DYfCժZ-Nj|܊#iQg8&rYOrѽ;o7 D^4†mJPU&s)csM-n압4>S9aa)nǝlr n%96O`X PgPR