
Facebook Users Hit With Password Reset Scam

By Stefanie Hoffman, CRN
March 18, 2010    4:10 PM ET

A malicious Facebook e-mail password reset scam is making its way around the social networking giant's 400 million global users, experts said Thursday.

During the attack, detected by researchers at McAfee Labs, users are presented with a fake but legitimate-looking e-mail alert warning them that their password needs to be reset. The e-mail comes with an attachment, which users are prompted to open in order to receive their newly reset password.

Upon downloading the attachment, the user becomes infected with a variety of malware, including password-stealing Trojans and fake antivirus designed to steal login credentials and other personally identifying data.

Meanwhile, McAfee researchers have seen a big spike in detections within the past 48 hours.

Dave Marcus, security research and communications manager for McAfee Labs, said that users should be clued in to the scam when it promises to provide an unsolicited Facebook password reset.

"Companies don't send you unsolicited passwords," he said. "Users have to look at their inboxes with a bit of skepticism. The volume of spam and scams is monstrously high. Most of the e-mails in your inbox are either a scam or a phish."

Marcus said that this latest Facebook password attack ranked No. 6 on McAfee's Global Virus Maps' Top 10, which tracks consumer threats worldwide. And thus far, the attack has accounted for as much as 10 percent of the infected e-mail viewed over McAfee's managed e-mail SaaS unit. Researchers speculate that the spam e-mail could be associated with the notorious Cutwail or Rustock botnets, but further analysis is still required.

Meanwhile, Marcus said that this recent Facebook attack is indicative of growing spam and malware threats circulating on Facebook and other social networking sites, as indicated in McAfee's 2010 Threat Predictions.

"Social networks are going to be one of the biggest lures and biggest targets going forward," Marcus said. "Facebook's got 400 million users. It's a target-rich environment."
