New Bredolab variant targets MySpace users with MySpace Password Reset email

January 8, 2010 Leave a Comment

MX Lab detected a new virus campaign containing a new Bredolab variant. The campaign has the same characteristics as the Facebook Password Reset email campaign. The trojan listens to the name Win32:Bredolab-BL (Avast) or W32/Bredolab!Generic2 (F-Prot).

The email is send from the spoofed address <confirmation@myspace.com> and has the subjects:

MySpace Password Reset Confirmation!
MySpace Password Reset Confirmation! Order NR.4648.

The number at the end of the subject is choosen randomly and can change in case the subject contains an Order NR.

Body of the email:

Hey a ,

Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.

Thanks,
Your MySpace.

The attached document is named MySpace_document_10081.zip and contains the 36 kB big MySpace_document_10081.exe executable.

Virus Total permlink and MD5: cfd05a493ccab7d5928ba9bf7dec3d16.

Filed under Viruses Tagged with , , , , ,

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

Please log in to WordPress.com to post a comment to your blog.

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 108 other followers