New Bredolab variant targets Facebook users

MX Lab has intercepted a new Bredolab trojan variant disguised as an email from Facebook, sent from the spoofed email address The Facebook Team <change@facebook.com>. The subject of the message is “Facebook Password Reset Confirmation! Your Support.” and the body of the email contains the following content:

Dear user of facebook,

Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.

Thanks,
Your Facebook.

As with the previous virus outbreak that targeted Facebook users, this email instructs the recipient to open the attached document Facebook_password_357.zip. Once extracted, the archive yields the 56 kB file Facebook_password_357.exe.

The trojan will create the following files on an infected system:

%Temp%\1.tmp
%System%\nnfj.tqo

The following Windows registry key is created:

* HKEY_LOCAL_MACHINE\SOFTWARE\Classes\idid

The following Windows registry value was modified:

* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
o Shell =
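
A host triage check for the indicators listed above, as an added example that is not part of MX Lab's post. It assumes %System% denotes the Windows system folder, and because the post does not show the data written to Shell, it only flags a Shell value that differs from the Windows default explorer.exe.

```powershell
# Added example: look for the artifacts named in this post on the local host.
# Assumption: %System% is the Windows system folder (e.g. C:\Windows\System32).
$findings = @()

# Files the post says the trojan creates. Only the current user's %Temp% is
# checked, and 1.tmp is a generic name, so a hit on it alone is weak evidence.
$systemDir = [Environment]::GetFolderPath('System')
$paths = @(
    (Join-Path $env:TEMP '1.tmp'),
    (Join-Path $systemDir 'nnfj.tqo')
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p -PathType Leaf) {
        $f = Get-Item -LiteralPath $p -Force   # -Force also returns hidden files
        $findings += [pscustomobject]@{
            Type   = 'File'
            Item   = $p
            Detail = "size=$($f.Length) modified=$($f.LastWriteTime.ToString('s'))"
        }
    }
}

# Registry key the post says is created.
$key = 'HKLM:\SOFTWARE\Classes\idid'
if (Test-Path -LiteralPath $key) {
    $findings += [pscustomobject]@{ Type = 'RegistryKey'; Item = $key; Detail = 'key exists' }
}

# Winlogon Shell: the post says it is modified but does not give the new data.
# Report anything other than the default; kiosk or custom-shell builds will
# also show up here and need to be ruled out by hand.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -LiteralPath $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
if ($null -ne $shell -and $shell.Trim() -ne 'explorer.exe') {
    $findings += [pscustomobject]@{ Type = 'RegistryValue'; Item = "$winlogon\Shell"; Detail = "value='$shell'" }
}

if ($findings.Count -eq 0) {
    'No artifacts from this post were found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Run it from an elevated prompt so the system folder and HKLM are fully readable.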
