New password from Facebook? Beware widely spread malware attack

Filed Under: Facebook, Malware, Social networks, Spam

Malicious hackers have spammed out an attack that pretends to be an email from Facebook support saying that your password has been changed.

The messages, which have a variety of subject lines including "Facebook Service. A new password is sent you", "Facebook Support. Your password has been changed" and "Facebook Service. Your account is blocked", have a ZIP file attached which carries a Trojan horse.

New password from Facebook?

Good afternoon.

A spam is sent from your Facebook account.
Your password has been changed for safety.

Information regarding your account and a new password is attached to the letter.
Read this information thoroughly and change the password to complicated one.

Thank you for your attention,
Facebook Service.

Sophos products detect the attached ZIP file as Mal/BredoZp-B, and the Trojan horse contained within as Troj/Agent-PLG.

It's possible that the attackers are attempting to exploit the problems many female Facebook users had this week when the social network disabled many accounts by accident.

Don't forget - you should always be extremely suspicious of any unsolicited email which arrives out of the blue, encouraging you to open an attachment.

, ,

You might like

5 Responses to New password from Facebook? Beware widely spread malware attack

  1. Clara Moir · 1785 days ago

    In referance to this post of facebook "stating your password has been changed.
    At 1240pm this date I received a message through my AOL, E-mail account that stated.
    ( showing it came from), donotreply New Password Requested. I hit the "Spam" and did not open this.. Could this be the samething you posted about? Could this have been"cleaned up" after this was brought out in the open? Thank you for a response to this.

  2. agata W · 1767 days ago

    I have received a email saying its from facebook and requesting my personal info.... The message said I won 33 thousand dollars and must claim it for them to send me a cheque..

    Can you please let me know is this a spam ?? i didnt send any info......


    • Mr. T · 1764 days ago

      Of course it is spam, 'tis common sense.
      At least you didn't sent your personal info to them. Just add them to your blocklist or sth.

  3. anon · 1715 days ago

    i did open the mail but did not download the attachment & deleted the mail
    will i get infected?????

  4. Betty Rowe · 1713 days ago

    I forgot my password. How do I get a new one????

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley