The Register® — Biting the hand that feeds IT

Feeds

Facebook warns over password reset scam

Galloping Trojans ahoy

By John Leyden, 18th March 2010
  • print
  • alert

Customer Success Testimonial: Recovery is Everything

Facebook has taken the unusual step of warning users about a bogus password reset scam designed to trick victims into downloading a password-stealing Trojan.

Prospective marks are falsely told in widely distributed spam emails that their password has been changed because of a supposed security incident. Targets are invited to open an email attachment for more information. This email attachment, you'll be unsurprised to learn, contains keystroke snaffling malware. Once bitten, every password a user enters onto an infected PC becomes compromised.

Facebook points out that it would never send users a new password in an email attachment.

McAfee, which was first to warn about the threat, has a copy of the scam emails and even a map showing the distribution of the attacks in a alert here. The web security firm reports that the scam is the sixth most prevalent piece of malware targeting consumers. ®

Ensure Ease of Recovery with Asigra’s Agentless Software

COMMENTS

House Rules Send Corrections
All Reader Comments (33)
Highly Rated
Old Tom
Reply Icon

re: well...

I got one of these mails this morning, and of course I didn't open it. But the other day, my better half was expecting a real delivery and opened the delivery of a trojan from a spam mail purporting to be about a failed delivery. She's not dumb, it was just fortuitous timing for the spam to arrive.

Why the hell does Vista default to not showing file extensions? My non-techie lady can understand not to 'open' a .exe file, but when it appears that you're 'opening' a document, ordinary folk are fooled.

And why the hell do they say 'open' when they mean 'run'? If 'open' were used for docs and 'run' for executables, the world might be slightly safer.

Ordinary, non-techie people are not dumb and do not deserve to be pwned. Maybe you're just trolling.

11
3
David W.
Reply Icon

So, being...

...either ignorant or unintelligent means you deserve whatever happens to you? Walk into the wrong section of town and get mugged - you should have known better! Fall into the river and drown? You had it coming for not knowing how to swim better!

You guys are a real bunch of charmers. Nice to know that I can rob your house and you'll admit straight up like men that you had it coming due to your insufficient home security, though!

3
0
Keith Oldham
Reply Icon

Re : exe's

Thunderbird doesn't allow execution of binaries. All it does is issue a warning and offer to save. Even if you try and 'Open' from the e-mail attachment.

That's on Linux mind - wouldn't know about Windows

2
0

More from The Register

breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
90
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
33
breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
68
Speech-to-text drives motorists to distraction
Will talking to you mean I crash into that car up ahead, Siri?
30
DHS warns of vulns in hospital medical equipment
Has your doctor's anasthesia machine been hacked?
17
breaking news
Yes, maybe we should keep hackers in the clink for YEARS, mulls EU
Watch out black hats, they just might throw away the key
39
Microsoft borks botnet takedown in Citadel snafu
Stupid Redmond kicked over our honeypots, wail white hats
19
Critical Java SE update due Tuesday fixes 40 flaws
And yes, most are remotely exploitable
33
Kaspersky slips server security into PC software as attackers get crafty
Want to bag a CEO? Aim for his family
8
NSA accused of new crimes ... against slideware
They may take our information but they cannot take our REFINED AESTHETICS
40