Beware of Facebook Virus Mask as Password Reset Confirmation Email

A virus masking as "Facebook Password Reset Confirmation" that targets Facebook users is now spreading through email. The virus is known as Bredolab or Trojan.Downloader.Bredolab.AZ (BitDefender) which was detected by MX Lab. The sender email address is shown as "The Facebook Team " but the real SMTP from address is spoofed.


The danger is on the attachment which has a name of "Facebook_Password_4cf91.zip" and includes the file "Facebook_Password_4cf91.exe". the part between _ and .zip at the end is choosen randomly and contains letters and numbers. According to MX Labs, Bredolab is a trojan horse that downloads and executes files from the Internet, such as rogue anti-spyware. To bypass firewalls, it injects its own code into legitimate processes svchost.exe and explorer.exe. Bredolab contains anti-sandbox code (the trojan might quit itself when an external program investigates its actions).

To prevent it from infecting your system, simple, don't open such email if you didn't request a password reset to Facebook. Now forward this virus alert to your facebook friends to warn them.

For More Virus Alerts, subscribe now.