Facebookers Beware: Fake E-Mail Contains Virus

Fake Facebook e-mail says it contains new password but spreads vicious virus.

Oct. 27, 2009— -- A new computer virus is making the rounds online, using the Facebook brand to trick unsuspecting users into downloading potentially vicious malware.

The virus arrives as an attachment to an e-mail claiming to be from Facebook. The subject line reads "Facebook Password Reset Confirmation" and purports to be from "The Facebook Team," according to Belgium-based security research firm MX Lab.

The message itself reads: "Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document."

But the attachment actually contains a nasty virus called the Bredolab Trojan, which security analysts have been tracking for a while.

Once downloaded, the virus gives the sender complete control of the target computer, allowing cyber criminals to potentially spy on users of the computer or use it to steal personal information or distribute more spam.

Paul Wood, a MessageLabs Intelligence senior analyst for Symantec Hosted Services, said his research firm first noticed the new variant of the virus Monday afternoon. And, at its peak, the virus accounted for 30 percent of all malware observed.

Bredolab 'More Dangerous' Than Other Spam Attacks to Target Facebook Users

"In terms of numbers, we've seen quite a significant volume over 24 hours," he said. "The Bredolab Trojan was very prolific in the month of October."

The new variant that spoofs the social network, he said, has been averaging about 2 to 3 million e-mails a day.

Adam Ostrow, editor in chief of the social media blog Mashable, said the number of spoofed Bredolab-infected e-mail messages was "significant."

Though there are more than 300 million Facebook users around the world, he said that the volume of infected messages surpasses that of previous spam attacks that have targeted Facebook members.

"I certainly think it's more dangerous to people's computers that typical scams in social media," he said. Though Facebook users have been previously targeted by spammers, he pointed out that those phishing attacks weren't as dangerous as the Bredolab.

"The danger here is that you could actually download and open the file. And if your system doesn't pick it up you could have a lot of bad stuff on your computer that you're not aware of," Ostrow continued.

Facebook: We Will Never Send New Passwords as Attachments

However, he added that spam filters, like Gmail's, could detect that the e-mail isn't actually from Facebook and send it to your spam folder instead of your inbox.

For its part, Facebook is educating users about how to detect this and other viruses on its security page.

But a spokesman told ABCNews.com that users should be wary of suspicious or unexpected emails claiming to be from Facebook and said the social network will never send users a new password as an attachment.