Apr 11, 2011 13:29 GMT

Security researchers from Belgian email security provider MX Lab warn about a new wave of malicious emails that pose as Facebook password change notifications and distribute a trojan.

The rogue emails bear a subject of "Facebook Support. Your password has been changed! ID09687," where the ID may vary, and appear to originate from [email protected] or [email protected].

The email body contains a message informing recipients that their passwords were automatically changed because they were insecure.

"Dear user of FaceBook. Your password is not safe! To secure your account the password has been changed automatically.

"Attached document contains a new password to your account and detailed information about new security measures. Thank you for your attention, Your Facebook," the emails read.

The attachments are called New_Password_IN#####.zip, where # is a variable digit, and contain a file called New_Password.exe.

The executable is an installer for Bredolab, a trojan downloader commonly used to distribute other malware, in particular fake antivirus programs, as part of a pay-per-install scheme.

At the time of writing, the trojan has a 45% antivirus detection rate on VirusTotal, being blocked by 19 out of 42 engines.

Fake antivirus programs, also known as scareware or rogueware, are preferred as payload by the Bredolab authors because they are amongst the most profitable malicious applications.

Fake emails posing as legitimate notifications from popular services are rather common, and the Facebook password change lure has been seen before. The last time we reported on an identical campaign was in January.

Users are advised to exercise extra caution when dealing with attachments in emails, regardless of whether they appear to come from a trusted source or not. Such files can be scanned on VirusTotal to get an idea of whether they are malicious or not.

However, such scans are not 100% reliable, so it is strongly recommended to always run an up-to-date and capable antivirus program on the system.