"A massive bot-based attack has been hitting Facebook users, with nearly three-quarters of a million users receiving fake password reset messages, according to security researchers.
The attack targets Facebook users with a spoofed message that claims recipients' Facebook passwords have been reset as a security measure. The messages, which come bearing subject lines such as 'Facebook Password Reset Confirmation', include a file attachment that supposedly contains the new password.
In fact, the attached .zip file includes a Trojan downloader, dubbed 'Bredlab' by some antivirus companies, 'Bredolab' by others. The downloader grabs a variety of malware from hacker servers, including fake security software, or 'scareware', and installs attack code and rogue antivirus applications on the compromised PCs."
More here.
Posts
