[A Friendly Geek]

<h1 style="border-width: 0px; margin: 0px; padding: 3px 0px; text-align: left; vertical-align: baseline; font-family: Georgia,'Times New Roman',Times,serif; font-style: normal; font-variant: normal; font-weight: bold; font-size: 190%; line-height: normal; font-size-adjust: none; font-stretch: normal; -x-system-font: none; color: rgb(32, 76, 75);"></h1>

<h1 style="border-width: 0px; margin: 0px; padding: 3px 0px; text-align: left; vertical-align: baseline; font-family: Georgia,'Times New Roman',Times,serif; font-style: normal; font-variant: normal; font-weight: bold; font-size: 190%; line-height: normal; font-size-adjust: none; font-stretch: normal; color: rgb(32, 76, 75);">Fake Facebook e-mail contains Trojan</h1>A new variant of the Bredolab Trojan horse is attached to a fake "Facebook Password Reset Confirmation" e-mail, security firm MX Labs is reporting.

Some users are receiving the e-mail from "The Facebook Team," according to the security firm. The sender's e-mail address displays "service@facebook.com." In reality, the address and sender were spoofed.

MX Labs found that the e-mail was accompanied by an attachment named, "Facebook_Password_4cf91.zip and includes the file Facebook_Password_4cf91.exe" that, the e-mail claims, contains the user's new Facebook password. The security firm said that the element between the underscore and .zip are randomly chosen letters and numbers for each recipient.

When a user downloads the file, it could wreak havoc on their computer. MX Labs said in a blog post that the Trojan horse Bredolab "executes files from the Internet, such as rogue anti-spyware. To bypass firewalls, it injects its own code into legitimate processes svchost.exe and explorer.exe. Bredolab contains anti-sandbox code (the trojan might quit itself when an external program investigates its actions)." In other words, it's nasty.

More here.

[Lots To Do]

Earthlink caught that one for me this morning.