New Bredolab variant targets MySpace users with MySpace Password Reset email

January 8, 2010 by mxlab Leave a Comment

MX Lab detected a new virus campaign containing a new Bredolab variant. The campaign has the same characteristics as the Facebook Password Reset email campaign. The trojan listens to the name Win32:Bredolab-BL (Avast) or W32/Bredolab!Generic2 (F-Prot).

The email is send from the spoofed address <confirmation@myspace.com> and has the subjects:

MySpace Password Reset Confirmation!
MySpace Password Reset Confirmation! Order NR.4648.

The number at the end of the subject is choosen randomly and can change in case the subject contains an Order NR.

Body of the email:

Hey a ,

Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.

Thanks,
Your MySpace.

The attached document is named MySpace_document_10081.zip and contains the 36 kB big MySpace_document_10081.exe executable.

Virus Total permlink and MD5: cfd05a493ccab7d5928ba9bf7dec3d16.

Filed under Viruses Tagged with , , , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <pre> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>