Two new malware variants are targeting Facebook users, according to Fortinet. The malware, which is designed to look as though it comes from Facebook, claims that users’ Facebook passwords have been reset and that a malicious attachment contains their new passwords.
Clicking on the attachment can lead to immediate infection.
“The Facebook malware variants we examined are botnet loaders, which, upon execution, connect to a command and control server to download and display a document that reveals a bogus password in an effort to look legitimate,” said Derek Manky, senior security strategist at Fortinet.
“Afterwards, the botnet continues to run in the background and requests files to download and execute, one by one. Always beware of file attachments, never disclose information generated by an unsolicited request, and attempt to confirm identities of those who contact you,” he added.
Spam activity stays down
On April 16, a large Coreflood botnet operation was dismantled by the FBI in the largest enforcement action of its kind in U.S. history. Servers and domains controlled by an international group of cyber criminals were seized.
This particular botnet had infected 2.3 million machines, and millions of dollars were stolen from unsuspecting computer users.
“Coreflood comes off the heels of the Rustock botnet, which was taken offline mid-March with the help of Microsoft and a number of Federal agencies,” Manky continued. “As a result, two major botnets have dwindled and global spam rates have remained about 15 percent lower than they were before Rustock’s downfall.”