Scam of the day - Bredos targeting Facebook

Filed Under: Facebook, Malware, Social networks, SophosLabs

Today we have seen a surge in emails pretending to be from the social networking site Facebook.

The message suggests that Facebook has modified the user's password to enhance user safety and that the new password is in an attached document. The message looks like this:

Hey XXXXXXX ,

Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.

Thanks,
The Facebook Team.

------------5GHH3B84G384ABF1
Content-Type: application/zip; name="Facebook_details_345.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Facebook_details_345.zip"

The attachment is called "Facebook_details_<some number>.zip". This attachment is malicious and should not be opened.

Sophos detected this file as Troj/BredoZp-AD and the executable inside the zip file as Troj/Bredo-BN.
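
An added example, not part of the original post and not Sophos's detection logic: a mail-gateway style check in Python that flags zip attachments whose name matches the Facebook_details_<number>.zip pattern described above, or that contain a file with an executable extension. The extension list, the function names and the sample message (a zip holding a harmless text placeholder) are assumptions constructed for the demonstration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Filename pattern from the campaign described above: Facebook_details_<number>.zip
LURE_NAME = re.compile(r"^Facebook_details_\d+\.zip$", re.IGNORECASE)
# Assumption: extensions treated as executable for this check (not from the page).
EXEC_EXT = (".exe", ".scr", ".pif", ".com")


def inspect_message(raw: bytes) -> list[dict]:
    """Return one finding per zip attachment that matches the lure name or holds an executable."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        data = part.get_payload(decode=True) or b""  # base64-decoded attachment bytes
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = zf.namelist()  # list names only, never extract
        except zipfile.BadZipFile:
            members = []  # malformed archive: a name match is still reported
        exes = [m for m in members if m.lower().endswith(EXEC_EXT)]
        name_hit = bool(LURE_NAME.match(name))
        if name_hit or exes:
            findings.append({"attachment": name, "name_match": name_hit,
                             "executables": exes})
    return findings


def build_sample(filename: str, member: str) -> bytes:
    """Constructed test message: the zip holds a harmless text payload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, "harmless placeholder, not malware")
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("Your password has been changed.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    print(inspect_message(build_sample("Facebook_details_345.zip", "sample.exe")))
```

The filename match alone is easy to evade by renaming, which is why the check also reports any zip that carries an executable regardless of its name.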
