“updated account agreement” email contains Bredolab trojan

MX Lab started to intercept emails with the subject “updated account agreement” that contains the Bredolab trojan. The campaign is designed for Facebook users because of the content. The email comes from the spoofed email address and contains “Facebook Team”.
The body of the email:
Dear Facebook user,
Due to Facebook policy changes, all Facebook users must submit [...]

Facebook subject to campaign that combines phishing and malware

MX Lab detected a large new campaign targetting Facebook users. The campaigns combines phishing techniques with the download of malware and a PDF exploit from the web site.
The phishing campaign has the same characteristics of the previous campaign that we have posted:
Facebook account update (part 1)
Facebook account update (part 2)
The message is being sent from the spoofed [...]

Facebook updated account agreement email contains Sasfis trojan

Apparently, the virus campaigns are far from over. MX Lab reported on this blog regarding the latest virus campaign that would be an attempt to grow the Cutwail botnet by infecting new computer systems by launching new trojan variants every few days.
MX Lab now intercepts a new Facebook virus campaign from the spoofed address <automailer+gtevzolc@facebook.com> or [...]

Email regarding Facebook account update is a phish – part 2

MX Lab did intercepted  emails what appeared as Facebook phishing emails.
The From address is obviously fake and not related to Facebook in any way. These come in with the subjects:
Facebook Account Update
Facebook Update Tool
new login system
But now we did managed to get a working host where the supposed phishing site was hosted. We have visited htxxp://www.facebook.com.ujtqwaqo.eu/globaldirectory/LoginFacebook.php?ref=xxx&email=xxx@xxx.com and [...]

Email regarding Facebook account update is a phish

After a virus campaign, MX Lab now also intercepts a phishing campaign targetting Facebook users.

The From address is obviously fake and not related to Facebook in any way. This email in particular was directing users to the phishing site hxxp://www.facebook.com.saxzask.me.uk/globaldirectory/LoginFacebook.php?ref=******&email=info@****.com. Unfourtunalty, this host was already down when visiting so we didn’t had the chance to [...]

Facebook message with link to striptease video leads to malware

A message from Facebook Mail with in the subject line “FaceBook message: Magnificent Striptease Dance (Last rated by Lorena Keyes)” contains an URL that leads to a host with malware.
Some alternative subjects are:
FaceBook message: Magnificent girl dancing video clip (Last rated by Sal Velasquez)
FaceBook message: Dancing Girl Drunk In The Pub- facebook Video (Last rated by [...]