Facebook Users Hit With Password Reset Scam

By Stefanie Hoffman, CRN
March 18, 2010    4:10 PM ET

A malicious Facebook e-mail password reset scam is making its way around the social networking giant's 400 million global users, experts said Thursday.

During the attack, detected by researchers at McAfee Labs, users are presented with a fake but legitimate-looking e-mail alert warning them that their password needs to be reset. The e-mail comes with an attachment, which users are prompted to open in order to receive their newly reset password.

Upon downloading the attachment, the user becomes infected with a variety of malware, including password-stealing Trojans and fake antivirus software designed to steal login credentials and other personally identifying data.

Meanwhile, McAfee researchers have seen a big spike in detections within the past 48 hours.

Dave Marcus, security research and communications manager for McAfee Labs, said that users should be clued in to the scam when it promises to provide an unsolicited Facebook password reset.

"Companies don't send you unsolicited passwords," he said. "Users have to look at their inboxes with a bit of skepticism. The volume of spam and scams is monstrously high. Most of the e-mails in your inbox are either a scam or a phish."

Marcus said that this latest Facebook password attack ranked No. 6 on McAfee's Global Virus Maps' Top 10, which tracks consumer threats worldwide. And thus far, the attack has accounted for as much as 10 percent of the infected e-mail viewed over McAfee's managed e-mail SaaS unit. Researchers speculate that the spam e-mail could be associated with the notorious Cutwail or Rustock botnets, but further analysis is still required.

Meanwhile, Marcus said that this recent Facebook attack is indicative of growing spam and malware threats circulating on Facebook and other social networking sites, as indicated in McAfee's 2010 Threat Predictions.

"Social networks are going to be one of the biggest lures and biggest targets going forward," Marcus said. "Facebook's got 400 million users. It's a target-rich environment."

