Display results as :

Rechercher Advanced Search


new facebook virus Empty
free forum
We have 66 registered users
The newest registered user is computerrepair17

Our users have posted a total of 19 messages in 19 subjects

new facebook virus

Go down

new facebook virus Empty new facebook virus

Post by Admin on Mon Apr 05, 2010 12:35 pm

This is what the Facebook password reset scam e-mail looks like.
(Credit: McAfee)

If you get an e-mail that appears to be from Facebook saying the company reset your password and urging you to open an attachment, it is a scam. Repeat, it is a scam.

McAfee warned people in a blog post on Wednesday to beware of an e-mail that appears to come from Facebook urging recipients to open an attachment to get their new password.

The attachment contains a password stealer that targets Windows computers and which can potentially access any username and password combination used on the computer, not just the login credentials for Facebook.

"This threat is potentially very dangerous considering that there are over 350 million Facebook users who could fall for this scam," McAfee says. "This is also the sixth most prevalent piece of malware targeting consumers in the last 24 hours, as tracked by McAfee Labs."

There are obvious clues that this is a phishing scam. For one, Facebook doesn't send e-mails like this. It may send an e-mail with a link where the user can reset the password, but not an e-mail with an attachment. Secondly, the e-mail has poor grammar and awkward phrases. For instance, Facebook is not capitalized in the salutation.

For more on phishing scams read this FAQ.

This map shows where the Facebook Reset scam is concentrated.
(Credit: McAfee)
Updated March 19 3:50 p.m. PDT to add that the malware targets Windows.
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.


password stealer,

Yahoo! Buzz

Recent posts from InSecurity Complex
Conficker fizzled a year ago, but headache remains
Microsoft issues emergency patch for 10 IE holes
How one company stays safe with two networks
Microsoft rushes to patch zero-day IE hole
Report: Windows 7 holes eased by axing admin rights
In post-Google China, censorship is unfazed
Web traffic redirected to China in mystery mix-up
iPhone, Safari, IE 8, Firefox hacked in CanSecWest contest

Week in review: Tech goes to court
Whole Foods working to curb Facebook-based scam
Twitter to block malicious links
McAfee: A million 'scareware' victims a day
Cops: Notorious Twitter hacker caught, released
Week in review: Tech on the docket
Researcher publishes exploit for new IE hole
Symantec finds China top source of malware

Add a Comment (Log in or register) (29 Comments)

* prev
* next

by nauj_solrac March 17, 2010 5:36 PM PDT
Let's see how many naive Facebook users fall for this. =/
Like this Reply to this comment 3 people like this comment

by davidmcelroy_dotmac March 17, 2010 5:46 PM PDT
It would be helpful if there were more information about what this "password stealer" is. Does it just target Windows machines? Or can it affects Macs and other platforms? That seems like a rather basic question to leave unanswered. The link to the McAfee site doesn't answer that question, either.
Like this Reply to this comment 4 people like this comment

by sunburntfeet March 17, 2010 6:13 PM PDT
I think the main idea of this article was just to avoid the e-mail all together. Viral attachment or not, I believe the correct way to handle the fake email would be to not push your luck and delete the email. It does not matter what OS you have, just delete or report the email to your ISP. Though if you would like to test the multi-OS hypothesis and open the email and freely give your log in info and password, against all common sense, its your computer and Facebook account. Do as you wish.
Like this

by vidlearn March 17, 2010 6:55 PM PDT
Does it just target Windows machines?

Do you even really need to ask that question? If it affected Mac OS X computers, then the headline would have been, "Facebook password reset scam affects Macs" Sorry Windows users.
Like this 6 people like this comment

by davidmcelroy_dotmac March 17, 2010 7:11 PM PDT
@sunburntfeet: This is a tech news site. When I read articles about things like this, I'm interested in more than just the obvious advice not to open something like that. I'm not stupid. I KNOW not to open it. But I'm CURIOUS what it is and how it works. Maybe you're not. But I think it's reasonable to expect some really basic questions like that to be answered in a story such as this.
Like this 5 people like this comment

by sebastien.kalonji March 17, 2010 7:25 PM PDT
It's only for Windows users. This would have been much bigger news when it would affect Macs. The story would all be about the first infected OSX mac's in history.
Like this 4 people like this comment

by BrandonTV March 17, 2010 11:23 PM PDT
Yes, because no Mac in existence has ever gotten a virus at all. Ever. Uh-huh. Keep blowing it out of your ass, fanboys. Keep blowing it out of your ass.
Like this 2 people like this comment

by davidmcelroy_dotmac March 17, 2010 11:33 PM PDT
@BrandonTV: You might not like it, but there isn't any virus in the wild -- ever as far as I know -- that successfully targets Mac OS X. You can argue that it comes from a smaller market share. Or you can argue that it's because of the more secure Unix roots of OS X. Who cares why? It's a combination of factors. No machine is impervious to attacks, but Macs still don't get viruses. There have been a few trojans and worms that require the user to install them, but there's I'm pretty sure there's STILL nothing that can attack your Mac just from e-mail, web browsing or just connecting to the Internet. One day, somebody will figure out how to attack Macs in that way, but it hasn't happened yet. Those are the facts.
Like this 2 people like this comment

by saviolau March 19, 2010 5:28 PM PDT
To davidmcelroy_dotmac

In answer to your question, the malware in this spam campaign is part of the Bredo family. The current samples are used to install rogue antivirus software, aka Fake AV. The malware also contains spamming functionality and joins the compromised computer to a botnet.

They've been around for months many now. Previously they were sending out messages about UPS/Fedex/DHL shipments reports. They also tried to claim themselves to be microsoft updates.

Here are a few of our detail spotlights explaining what this family does:

The spotlights were written over a period of time so you can see how the Bredo family evolved over time.

Hope this helps.

Savio Lau, SophosLabs Canada
Like this

by Jack K1 March 17, 2010 6:17 PM PDT
The easiest way to determine if an e-mail is legitimate is to close your e-mail, open your browser, go to the supposedly affected account (Facebook, credit card, bank, etc), and log in NORMALLY. Never use a link or attachment provided in an e-mail - even if it is legit.

If there's a problem with your account, you'll find out when you log in. If you have no problem logging in, and no system message comes up after you log in, then you have no problem, and the message was a hoax.

This is the only foolproof method. Do not rely on appearances, good grammar, or logos to authenticate a message.
Like this Reply to this comment 4 people like this comment

by OniOokamiAlfador March 17, 2010 6:30 PM PDT
Anyone who falls for this nonsense deserves everything they get. In this day and age there is no excuse for not being educated on this sort of thing.
Like this Reply to this comment

by NoVista March 18, 2010 7:10 PM PDT
No matter how smart you think you are, and how much 'security' you have on your system ... you are one vulnerable step behind the next new exploit.

Let's face it -- other intrusions do not stop with the uneducated user, they proliferate. Back in the day when I was on IRC , I got a good DoS and reported it to my ISP. Their reply, "If you're on IRC, you deserve what you get." Yeah well, I got new improved tools and the next attack on me failed, so the culprit took down the ISP. Heh.
Like this

by Tergon March 17, 2010 7:09 PM PDT
I received it, ISP's Spamblocker/virusblocker caught it immediately as virus
when looking at the header, it originated from a godaddy hosted domain called bigrounds.
The email, which if it was from Facebook it would, does not contain your real name and in fact as it was a batch send out doesn't even contain the correct tergon in my case but instead, tergsa
does not have a link in the email and has a zip file attachment (just as imaged above). I booted my Linux v-machine and inside the zip is an exe.
I initially started this post to tell OniOokamiAlfador that his/her comment was uncalled for, but seeing the exe I'm'a agree that people should by now be educated beyond a scam like that. . . should but aren't so NO they do not deserve what they get, and if you (general you, not OOA in particular Wink ) didn't tell your friends and family about this, then you deserve their pain in spades for not helping to educate them and as many people as you can.
Like this Reply to this comment

by baconstang March 18, 2010 12:02 AM PDT
Earthlink filtered it out for me. But I'm not in Face***k and I use Macs, so zzzzzzzzzzzzzzzzz.
Like this

by Jahntassa March 17, 2010 7:37 PM PDT
Not new. Been seeing these for months. Unfortunately there's one or two of them out there that show up as VALID facebook messages on Blackberries with the Facebook app installed.
Like this Reply to this comment

by Mweaver2k9 March 17, 2010 7:44 PM PDT
I'd be more concerned if "facebook" was capitalized in the salutation. I hardly ever see it with an upper case F, even on the site itself.
Like this Reply to this comment 1 person likes this comment

by militance-sound March 20, 2010 9:58 AM PDT
Yea, but all their (valid) emails to users are capitalized. Here's an example I just took from my inbox; notice every instance of Facebook in the text is capitalized:

From: Facebook (***+***
Sent: Fri 3/19/10 6:51 PM
To: *** (***@***.com)


The Facebook Team

Find people from your address book on Facebook! Go to:

This message was intended for ***@***.com. If you do not wish to receive this type of email from Facebook in the future, please click on the link below to unsubscribe.***.php
Facebook's offices are located at 1601 S. California Ave., Palo Alto, CA 94304.
Like this

by March 18, 2010 9:49 AM PDT
I recently fell for a similar scam for my Yahoo account. I am more aware of this type of phishing email now..
Like this Reply to this comment

by xarophti March 18, 2010 10:36 AM PDT
Got this one last night. With a .zip file attachment. Probability I'm opening that, 0%. Sent to my primary email address (never used for such things). I'm not even on Facebook. Silly hackers.
Like this Reply to this comment 1 person likes this comment

by all320 March 18, 2010 11:00 AM PDT
@ OniOokamiAlfador, your comment really is uncalled for. New computer users are NOT always aware of these types of threats. For instance, elderly folks that are just now becoming computer literate, may not be. Also, you have millions of young kids on social networking sites now, who also may not be aware. Seriously, just because you and I know better doesn't mean everyone does. Have some compassion, man.
Like this Reply to this comment

by sadaemon March 18, 2010 5:58 PM PDT
Those that assert that there are no viruses targeting OS X are factually incorrect. It is correct, however, to say that the attack surface is smaller, and an OS X OS is less likely to be infected and yes, that is partially due to a smaller population of devices.

Stop the petty fan-boy bickering and get back to what the article is about, which, in the end has little to do with Windows or OS X and quite a bit to do with a web based service - Facebook, and a technology agnostic delivery mechanism - email.
Like this Reply to this comment

by scamreporter March 19, 2010 12:21 AM PDT
Great post and update there !
infact facebook users should
now be very careful,while opening any unknown attachment
via emails which certainly results scam.

Like this Reply to this comment

by nohad1 March 19, 2010 3:28 AM PDT
please email me response you mentioned that this email can get all your pwds and user names.
I am concerned because I actually opened this email and zip file. I only realised that this was a scam
after I opened it. but I quickly went to my facebook login and changed my pwd, and forwaded this email to facebook. I am worried that this attachment is still sitting on my computer how do I delete it. Or does
my virus protection program handle it.
Like this Reply to this comment 1 person likes this comment

by 987333 March 19, 2010 6:41 AM PDT
Yes what to do if you opened it???
Like this Reply to this comment

by blafouille March 20, 2010 7:07 AM PDT
rereset the password...
Like this

by cnet-barence March 19, 2010 5:46 PM PDT
If you have already opened the attachment (and you are not running Linux or OSX), there are some things you can do.

1. Log in to Facebook normally and change your password.
2. turn off System Restore
3. restart Windows in Safe Mode, and run your favorite Anti-virus scanner

If you don't have an Anti-virus program installed, you should install one immediately. Also, you should always have a firewall running when you are connected to the Internet.

If you don't know how to install and configure an Anti-virus program or firewall, you should start learning now.

Good luck.
Like this Reply to this comment

by blafouille March 20, 2010 7:05 AM PDT
Whatever ask you to reset a not....Do it from your account regulary....By the way i just rereset my password in case....
Like this Reply to this comment

by gbox56 March 20, 2010 10:31 AM PDT
A good tip is to create a strong password, and not to believe at all the mails you get although it is from a company you know.
I am using its help me remember and generate passwords, it is great, give it a try
Like this Reply to this comment

by realityentgroup March 28, 2010 4:23 PM PDT
watch out for the grandparents scam and the anti virus software scam too.
Like this Reply to this comment


* prev
* next

Add a comment

Log in or create an account to post a comment.ORConnect with Facebook
Comment SUBMIT
Click here to add another comment.

Popular discussions on CNET:

1. Crave giveaway of the week: Powermat 'wireless' iPhone charger

April 2, 2010 4:00 AM PDT
(2060 recent comments)
2. Reasons people gave for buying the iPad

April 4, 2010 6:27 PM PDT
(127 recent comments)
3. So you're buying an iPad...

April 2, 2010 4:00 AM PDT
(112 recent comments)
4. Poll: Buying an iPad? What's your excuse?

April 3, 2010 9:00 AM PDT
(102 recent comments)
5. With iPads in the wild, buyers react

April 4, 2010 8:06 PM PDT
(97 recent comments)

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

Comment reply

Submit Cancel
The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.
Report offensive content:

If you believe this comment is offensive or violates the CNET's Site Terms of Use, you can report it below (this will not automatically remove the comment). Once reported, our staff will be notified and the comment will be reviewed.

Select type of offense:

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Comments (optional):
Report Cancel
E-mail this comment to a friend.

E-mail this to:

Your e-mail address:
Send me a copy of this message

Note: Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipients's address will be used for any other purpose.

Add your own personal message: (Optional)
Hi, I found this user's comment on CNET and thought you might be interested in reading it. Send e-mail Cancel
Warning! You will be deleting this comment and all its replies (if applicable).
Click to delete FOREVER Cancel
Click Here
Most Popular

1. Microsoft's big gamble with free Office
2. Did Steve Wozniak get a two-hour iPad start?
3. With iPads in the wild, buyers react
4. Reasons people gave for buying the iPad
5. What Verizon iPhone users can expect

Apple's iPad: A beginning, not end, to innovation
by Matt Asay
Outlook good for venture-backed exits and IPOs
by Dave Rosenberg
caro: Looking to talk to a few people who decided at the last minute to buy iPads this weekend. Shoot me a reply if you're one of them...
by Caroline McCarthy
mlamonica: Clean Edge analyst's very measured 'state of clean tech' report differs from upbeat media coverage of same report. bazll?
by Martin LaMonica
HP's iPad-killer slate PC makes an appearance
by Dan Ackerman

See full River page
Apple iPad: Full, rated review

CNET Senior Editor Donald Bell gives you his final word on whether the iPad will change the tech world as we know it--and whether it's worth your money.
• So you're buying an iPad...
• iPad resource guide
CNET Conversation: FCC's Julius Genachowski

The FCC chairman speaks with CNET's Molly Wood about his plans to improve broadband access in the U.S. and to bring a faster, and open, Internet to everyone.
About InSecurity Complex

Elinor Mills became fascinated with hacker culture when she was sent to Las Vegas to cover DefCon in 1995. Since then, script kiddies have given way to cyber criminals targeting bank passwords, and privacy risks are everywhere, from Google to Facebook and the iPhone. InSecurity Complex keeps tabs on the flaws, the foibles, and the fixes.
Subscribe to this feed Subscribe via RSS

Click this link to view as XML.

Add this feed to your online news reader

* Google
* Yahoo

InSecurity Complex topics

* Antivirus
* Black Hat
* Burning Man
* Consumer software and hardware
* Corporate and legal
* Criminal Hackers

* Enterprise software
* Phishing
* Privacy and data protection
* Security
* Spam
* Spyware


Posts : 11
Join date : 2010-02-26
Location : AL, US

View user profile

Back to top Go down

Back to top

- Similar topics

Permissions in this forum:
You cannot reply to topics in this forum