Facebook warns over password reset scam
Galloping Trojans ahoy
Facebook has taken the unusual step of warning users about a bogus password reset scam designed to trick victims into downloading a password-stealing Trojan.
Prospective marks are falsely told in widely distributed spam emails that their password has been changed because of a supposed security incident. Targets are invited to open an email attachment for more information. This email attachment, you'll be unsurprised to learn, contains keystroke snaffling malware. Once bitten, every password a user enters onto an infected PC becomes compromised.
Facebook points out that it would never send users a new password in an email attachment.
McAfee, which was first to warn about the threat, has a copy of the scam emails and even a map showing the distribution of the attacks in a alert here. The web security firm reports that the scam is the sixth most prevalent piece of malware targeting consumers. ®
I got one of these mails this morning, and of course I didn't open it. But the other day, my better half was expecting a real delivery and opened the delivery of a trojan from a spam mail purporting to be about a failed delivery. She's not dumb, it was just fortuitous timing for the spam to arrive.
Why the hell does Vista default to not showing file extensions? My non-techie lady can understand not to 'open' a .exe file, but when it appears that you're 'opening' a document, ordinary folk are fooled.
And why the hell do they say 'open' when they mean 'run'? If 'open' were used for docs and 'run' for executables, the world might be slightly safer.
Ordinary, non-techie people are not dumb and do not deserve to be pwned. Maybe you're just trolling.
...either ignorant or unintelligent means you deserve whatever happens to you? Walk into the wrong section of town and get mugged - you should have known better! Fall into the river and drown? You had it coming for not knowing how to swim better!
You guys are a real bunch of charmers. Nice to know that I can rob your house and you'll admit straight up like men that you had it coming due to your insufficient home security, though!
Re : exe's
Thunderbird doesn't allow execution of binaries. All it does is issue a warning and offer to save. Even if you try and 'Open' from the e-mail attachment.
That's on Linux mind - wouldn't know about Windows