Bredolab variant delivered by fake Facebook warning

There are over 600 millions of active Facebook users in the world, so it’s no wonder that they are often targets of a great variety of scams.

The latest one is delivered directly into their inboxes, and claims that their Facebook account has been spotted sending out spam and that their password has been changed to prevent that:

Supposedly, the new password is contained in the attached .zip file, but that’s just a ruse to make them open and run it, so that they end up with the computer infected by a variant of Bredolab.

Graham Cluley says that the approach would probably be more successful if the attackers would pay attention to details and use a grammar check – these spammers’ have made a rather obvious mistake by misspelling Facebook as “FaceBook”.

But, statistically, it really doesn’t matter if they do. There is a great number of users that misses even such obvious clues and doesn’t know that the email address in the “From” field can be easily be forged.