Facebook users targeted by password change scam

If you are one of the 300 million people who actively use Facebook, this warning is for you. A new spam campaign that targets users of the popular social network is under way, so if you get an email with “Facebook Password Reset Confirmation” in the subject line, don’t even think about opening the attached .ZIP file.

According to TrendLabs, the email says it contains your new password, but it’s actually a Trojan (TROJ_BREDLAB.SMF) that upon execution will get you infected with another one (TROJ_FAKEAV.BLV), downloaded from a malicious website.

Looking at the email, you can see it doesn’t look very convincing – you would expect something more professional-looking coming from Facebook. All the same, the fake “From” may fool some people.