Archive for the ‘Malware’ Category

Facebook Password Reset Malware

March 20th, 2010

A fake Facebook password reset email has been doing the rounds over the last few days. The email reads as follows:

Subject: Facebook Password Reset Confirmation! Customer Support

Dear user of Facebook,

Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document.

Thanks,
Your Facebook.

Instead of using a fake Facebook page to collect victims' passwords (phishing), the email carries a malware attachment. The malware is known as “Bredolab”, a Trojan downloader. Bredolab downloads rogue antivirus products, and some sites report that it also downloads a password-stealing trojan.

Be Safe

Categories: Malware Tags:

Conficker Installing Fake AV

April 12th, 2009

Kaspersky Labs announced that Conficker is now downloading a fake antivirus named SpywareProtect2009. Owners of infected computers can see the effects of SpywareProtect2009 activity:

[Screenshots: Spyware Protect2009; False Warning; IE Warning]

This fake AV is so annoying that there is a significant probability that innocent users will click on the offer to pay for disinfection – and thus will be defrauded of almost 50 USD. What is worse, their credit card details might also be harvested – with all sorts of nightmarish results.

In addition to launching numerous messages about infections, SpywareProtect2009 attempts to install Trojan-Downloader.Win32.Fraudload.ecl onto the system. This downloader is programmed to download new versions of SpywareProtect2009. Variant .ecl downloads these versions from alsterstor.com.

If you find yourself a victim of this or any other false antivirus, such as AntiVirus 2009, AntiVirus 360, AntiVirus 2008, AntiVirus XP, Spyware Guard, etc., please turn off your computer and contact Clear Choice Computer immediately. The longer you wait, the deeper the infection will get into your system, and the costlier the repair will be.

Categories: Malware Tags:

A new variant of Trojan.Flush.M

March 17th, 2009

Internet security experts are warning of a new rash of malware attacks that can hijack the security settings of a wide variety of devices on a local area network, even when they are hardened or don’t run on Windows operating systems.

Once activated, the trojan sets up a rogue DHCP, or dynamic host configuration protocol, server on the host machine. From there, other devices using the same LAN are tricked into using a malicious domain name system server, instead of the one set up by the network administrator. The rogue DNS server sends the devices to fraudulent websites that in many cases can be hard to identify as impostors.

This kind of malware is definitely dangerous because it affects systems that themselves are not vulnerable to the trojan: all you need is one infected system on the network, and it will affect a lot of other non-vulnerable systems.

Of course, one way to thwart the attack is to hardwire DNS server settings into your iPhone, computer or other net-connecting device. This will direct it to bypass the rogue DNS server even if the device is unfortunate enough to get its internet connection from the impostor DHCP server.
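The rogue DHCP behaviour described above can be spotted on the wire, because every DHCP OFFER/ACK names its server (option 54) and the DNS servers it hands out (option 6). The following check is an added example, not part of the original post or The Register's article; the function names, allow-lists and sample packets are constructed for illustration and use documentation address ranges.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"          # marks the start of DHCP options
OPT_PAD, OPT_DNS, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 6, 53, 54, 255
OFFER, ACK = 2, 5                           # option 53 values sent by servers

def parse_options(payload):
    """Return {option code: raw value} from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != OPT_END:
        if payload[i] == OPT_PAD:            # pad has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated DHCP option")
        opts[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    return opts

def ipv4_list(raw):
    """Split an option value into dotted-quad addresses (4 bytes each)."""
    return [str(ipaddress.IPv4Address(raw[i:i + 4])) for i in range(0, len(raw) - 3, 4)]

def check_reply(payload, allowed_servers, allowed_dns):
    """Findings for one DHCP OFFER/ACK; an empty list means it matches policy."""
    opts = parse_options(payload)
    if (opts.get(OPT_MSG_TYPE) or b"\x00")[0] not in (OFFER, ACK):
        return []                            # client messages carry no lease settings
    findings = []
    server = ipv4_list(opts.get(OPT_SERVER_ID, b""))
    if not server or server[0] not in allowed_servers:
        findings.append("unapproved DHCP server: %s" % (server[0] if server else "none"))
    findings += ["unapproved DNS server: %s" % d
                 for d in ipv4_list(opts.get(OPT_DNS, b"")) if d not in allowed_dns]
    return findings

def build_reply(msg_type, server_id, dns):
    """Constructed sample: minimal BOOTREPLY with options 53, 54 and 6."""
    pack = lambda addrs: b"".join(ipaddress.IPv4Address(a).packed for a in addrs)
    return (b"\x02" + bytes(235) + MAGIC_COOKIE + bytes([OPT_MSG_TYPE, 1, msg_type])
            + bytes([OPT_SERVER_ID, 4]) + pack([server_id])
            + bytes([OPT_DNS, 4 * len(dns)]) + pack(dns) + bytes([OPT_END]))

# Constructed policy and packets (documentation address ranges, not real hosts).
SERVERS, RESOLVERS = {"192.0.2.1"}, {"192.0.2.53"}
GOOD = build_reply(OFFER, "192.0.2.1", ["192.0.2.53"])
ROGUE = build_reply(OFFER, "192.0.2.77", ["203.0.113.10", "203.0.113.11"])
print(check_reply(ROGUE, SERVERS, RESOLVERS))
```

Feeding it the UDP payloads of server-to-client DHCP traffic from a monitoring port gives an alert for any lease offered by a host outside the allow-list, which covers devices that cannot have their DNS settings hardwired.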

Source: The Register

Categories: Malware, News Tags:

Conficker Upgrade

March 7th, 2009

The Conficker/Downadup worm managed to slither onto millions of PCs worldwide at its height, but after it initially infected a computer it only really acted to spread itself, and didn’t cause further harm. Until now.

Symantec reports today that it has found a new variant of the virulent worm that will identify antivirus software or security analysis tools running on the infected PC, and attempt to shut down those programs. This is a strong signal that the worm’s mysterious creators haven’t abandoned their creation in the face of worldwide attention, as some in the industry have theorized, but may still have plans to make a buck off their work.

Source: PCWorld

Categories: Malware, News Tags:

Conficker Reward

February 15th, 2009

Microsoft Corp. announced a partnership with technology industry leaders and academia to implement a coordinated, global response to the Conficker (aka Downadup) worm. Together with security researchers, Internet Corporation for Assigned Names and Numbers (ICANN) and operators within the Domain Name System, Microsoft coordinated a response designed to disable domains targeted by Conficker. Microsoft also announced a $250,000 reward for information that results in the arrest and conviction of those responsible for illegally launching the Conficker malicious code on the Internet.

Categories: Malware, News Tags: