A new spam campaign that purports to be from Facebook is making the rounds today. It bears the subject, “Facebook Password Reset Confirmation,” and informs users that their passwords have been changed for security purposes. It then asks them to open the attached .ZIP file, which supposedly contains their new passwords but is actually malware detected by Trend Micro as TROJ_BREDLAB.SMF.
Upon execution, TROJ_BREDLAB.SMF connects to a malicious website and downloads a FAKEAV variant detected as TROJ_FAKEAV.BLV.
Users are advised to be wary of bogus notifications even if they appear to come from a known source. Trend Micro product users are protected from this attack via the Smart Protection Network, which detects and blocks this kind of spam. Non-Trend Micro product users can use HouseCall, Trend Micro’s highly popular and capable on-demand scanner for identifying and removing viruses, Trojans, worms, unwanted browser plugins, and other malware.
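As an added example (not Trend Micro's code), here is a mail-gateway style check for the lure described above: it flags a message that carries the quoted subject together with a ZIP attachment, and lists any executable members for triage. The sample message, addresses, file names and the executable-extension list are constructed assumptions; the advisory does not say what the archive contains.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

LURE_SUBJECT = "facebook password reset confirmation"  # subject quoted in the advisory
EXEC_EXTS = (".exe", ".scr", ".pif", ".com")  # assumption: common Windows executable suffixes

def inspect_message(raw: bytes) -> dict:
    """Return triage findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").lower()
    found = {"subject_match": LURE_SUBJECT in subject,
             "zip_attachments": [], "executables": [], "unreadable": []}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        # Check the ZIP magic bytes as well, so a renamed archive is still caught.
        if not (name.lower().endswith(".zip") or data.startswith(b"PK\x03\x04")):
            continue
        found["zip_attachments"].append(name)
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                found["executables"] += [m for m in zf.namelist()
                                         if m.lower().endswith(EXEC_EXTS)]
        except zipfile.BadZipFile:
            found["unreadable"].append(name)  # corrupt or truncated archive
    # Hold a ZIP-bearing mail if the subject matches or the archive looks risky.
    found["quarantine"] = bool(found["zip_attachments"]) and bool(
        found["subject_match"] or found["executables"] or found["unreadable"])
    return found

def build_sample(subject: str, zip_name: str, member: str) -> bytes:
    """Build a constructed test message with a harmless ZIP attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"harmless placeholder bytes")
    msg = EmailMessage()
    msg["From"] = "Facebook <support@example.invalid>"  # constructed sender
    msg["To"] = "user@example.invalid"
    msg["Subject"] = subject
    msg.set_content("Your password has been changed. See the attached file.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=zip_name)
    return msg.as_bytes()

if __name__ == "__main__":
    raw = build_sample("Facebook Password Reset Confirmation",
                       "new_password.zip", "new_password.exe")
    print(inspect_message(raw))
```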