We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
79,812 News Articles

Facebook users hit by massive botnet attack

'Bredolab' Trojan reaches at least 735,000 users

A massive bot-based attack has been hitting Facebook users, with nearly three-quarters of a million users receiving fake password reset messages, according to security researchers.

The attack targets Facebook users with a spoofed message that claims recipients' Facebook passwords have been reset as a security measure. The messages, which come bearing subject lines such as 'Facebook Password Reset Confirmation', include a file attachment that supposedly contains the new password.

In fact, the attached .zip file includes a Trojan downloader, dubbed 'Bredlab' by some antivirus companies, 'Bredolab' by others. The downloader grabs a variety of malware from hacker servers, including fake security software, or 'scareware', and installs attack code and rogue antivirus applications on the compromised PCs.

Multiple security companies, including Symantec, Trend Micro, MX Lab and Websense, have put out warnings about the attack campaign. "This variant of Bredolab connects to a Russian domain and the infected machine is most likely becoming part of a Bredolab botnet," said Shunichi Imano, a security researcher at Symantec, in a post to the firm's security blog .

Jamie Tomasello, Cloudmark's abuse operations manager, said her company alone has detected nearly three-quarters of a million phony Facebook messages since Monday. "Our count continues to go up, and is at about 735,000 now," said Tomasello. "It's a pretty high volume."

According to Tomasello, both desktop clients and ISPs that use Cloudmark to filter potentially malicious mail have reported receiving the fake Facebook e-mail.

Because of its huge base - last month Facebook said it had more than 300 million users - the site is a frequent target for hackers and identity thieves.

Last March, for example, the Koobface worm made the rounds on Facebook, as well as other social networking sites such as MySpace and Friendster, infecting large numbers of users.

Facebook did not respond to a request for comment on the attacks, or to questions what it is doing, or can do, to stymie the campaign or warn its users.

See also:

PC security advice

Computerworld US


IDG UK Sites

45 Best Android games: top Android games for your smartphone or tablet in 2014 (24 are free!)

IDG UK Sites

How Apple, Adobe, Microsoft and others have let us down over UltraHD and hiDPI screens

IDG UK Sites

Do you have the X-Factor too? Mix Off app puts fans in the frame

IDG UK Sites

iPad Pro release date, rumours and leaked images - 12.9 screen 'coming in 2015'