2010年3月18日 星期四

FW: Newsbank: New password-stealing virus targets Facebook


-------------------------------------------
From: Ivan Macalintal (RD-US)
Sent: Friday, March 19, 2010 5:55:51 AM
To: Ivan Macalintal (RD-US); Oscar Abendan (AV-PH); Newsbank
Subject: RE: Newsbank: New password-stealing virus targets Facebook
Auto forwarded by a Rule


Just in.
 
New quote pertaining to this campaign from one of our favorite threat investigative reporters, Danchev, posted at ZDNET.
 
 
 
Regards,

Ivan


From: Ivan Macalintal (RD-US)
Sent: Thursday, March 18, 2010 10:30 AM
To: Oscar Abendan (AV-PH); Newsbank
Subject: RE: Newsbank: New password-stealing virus targets Facebook

Sorry Mcafee but this is old news!
 
Trend Micro has seen this since October 2009.
 
 
The malware payload that came in as attachment and the Botnet infrastructure behind has been dissected by FTR. Check out the material here:
 
 
Also, this critter is one of the deployment mechanisms for FakeAV. Good thing we have this covered as this helps crippling the means for FakeAV to be deployed.
But the fight does not end there - there are other botnets out there!
 
Other related material here:
 
 
FYI - This current campaign however uses another malware we detect as TROJ_OFICLA.K.

Regards,

Ivan Macalintal

 


From: Oscar Abendan (AV-PH)
Sent: Thursday, March 18, 2010 12:49 AM
To: Newsbank
Subject: Newsbank: New password-stealing virus targets Facebook

New password-stealing virus targets Facebook

March 18, 2010, 11:46am

BOSTON (Reuters) – Hackers have flooded the Internet with virus-tainted spam that targets Facebook's estimated 400 million users in an effort to steal banking passwords and gather other sensitive information.

The emails tell recipients that the passwords on their Facebook accounts have been reset, urging them to click on an attachment to obtain new login credentials, according to anti-virus software maker McAfee Inc.

If the attachment is opened, it downloads several types of malicious software, including a program that steals passwords, McAfee said on Wednesday.

Hackers have long targeted Facebook users, sending them tainted messages via the social networking company's own internal email system. With this new attack, they are using regular Internet email to spread their malicious software.

A Facebook spokesman said the company could not comment on the specific case, but pointed to a status update the company posted on its web site earlier on Wednesday warning users about the spoofed email and advising users to delete the email and to warn their friends.

McAfee estimates that hackers sent out tens of millions of spam across Europe, the United States and Asia since the campaign began on Tuesday.

Dave Marcus, McAfee's director of malware research and communications, said that he expects the hackers will succeed in infecting millions of computers.

"With Facebook as your lure, you potentially have 400 million people that can click on the attachment. If you get 10 percent success, that's 40 million," he said.

The email's subject line says "Facebook password reset confirmation customer support," according to Marcus.

 

Source: http://mb.com.ph/articles/248298/new-passwordstealing-virus-targets-facebook

 

 

 

Gelo Abendan| Technical Marketing Team

TrendLabs Manila, Trend Micro Inc. 

Office: +63.2.995.6200: YM: ocamabendan

 

沒有留言: