Fake Facebook e-mail contains Trojan

There’s a new virus spreading via email which targets Facebook users. According to mxlab, the email includes downloadable files which include the Trojan virus: Bredolab. Anybody who receives a “Facebook Password Reset Confirmation” email should delete it right away.

According to mxlab, the message is as follows:


“This virus is being distributed through email, not on Facebook. The email is disguised as a Facebook password reset e-mail with an attachment that purportedly contains the new password, but is actually the virus. We’re educating users on how to detect this through the Facebook Security Page.”

Bredolab is a trojan horse that downloads and executes files from the Internet, such as rogue anti-spyware. To bypass firewalls, it injects its own code into legitimate processes svchost.exe and explorer.exe. Bredolab contains anti-sandbox code (the trojan might quit itself when an external program investigates its actions).

Facebook also said that users should be “suspicious of unexpected emails claiming to be from Facebook” and that it never sends users a new password as an attachment in emails.