A new spam email campaign has been detected that claims to be a password reset confirmation from Facebook.
The email shows the spam address 'firstname.lastname@example.org' in the From field of the message and carries a .zip attachment with an .exe file inside. Websense's ThreatSeeker Network claimed that the .exe file currently has a detection rate of about 30 per cent on VirusTotal, and it claimed to have seen up to 90,000 of these messages sent out so far today.
Websense claimed that the malicious .exe file connects to two servers to download additional malicious files and joins the Bredolab botnet, giving the attackers full control of the PC. It claimed that one of the servers is in the Netherlands and the other is in Kazakhstan.
Carl Leonard, Websense Security Labs manager, said: “This spam email attack is designed to play on the subject at the forefront of users' minds – their password security. Falling for this scam could lead to the unsuspecting user becoming part of a botnet.
“With the recent hack of web-based email accounts, users would feel more compelled to open an attachment that purports to hold their new password, as they'd be worried who changed it in the first place.”
Leonard claimed that Websense reported on the 'add a friend' Facebook scams back in November 2008, and advised users to always go directly to the web address they have an account with and reset passwords there.
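For mail administrators, the delivery pattern described above (a .zip attachment with an executable inside) can be caught at the gateway without relying on antivirus signatures. The following Python sketch is an added example, not Websense's code; the extension list, subject line, body text and file names are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows will run directly; an assumption for this example.
EXECUTABLE_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd")


def scan_message(raw):
    """Return (attachment name, inner file name) for each executable in a zip."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        # Identify archives by content, not by the declared name or MIME type.
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                names = zf.namelist()  # names are readable even if entries are encrypted
        except zipfile.BadZipFile:
            continue
        for inner in names:
            if inner.lower().endswith(EXECUTABLE_EXT):
                hits.append((part.get_filename() or "<unnamed>", inner))
    return hits


def build_sample(inner_name):
    """Constructed test message: harmless placeholder bytes, zipped and attached."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(inner_name, b"constructed placeholder, not a real program")
    msg = EmailMessage()
    msg["From"] = "firstname.lastname@example.org"
    msg["Subject"] = "Facebook Password Reset Confirmation"  # constructed subject
    msg.set_content("Your new password is in the attached document.")  # constructed
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Facebook_details.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(scan_message(build_sample("Facebook_password.exe")))
```

A non-empty result is grounds to quarantine the message; the check inspects only the archive's file listing, so it never extracts or executes the contents.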