Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Botnets attack Facebook users

Jack Loo | May 6, 2011
The malware claims to be from Facebook and infects through a file attachment.

SINGAPORE, 6 MAY 2011-Fortinet's Threat Landscape report today detailed two new malware variants that target Facebook users.

The malware, which is intended to look as though they're coming from Facebook, claim that the users' Facebook passwords have been reset and a malicious attachment has their new passwords. Clicking on the attachment can lead to immediate infection.

The variants are botnet loaders which, upon execution, connect to a command and control server to download and display a document that reveals a bogus password in an effort to look legitimate. The botnet would then continue to run in the background, requesting files to download and execute, one by one.

"Always beware of file attachments, never disclose information generated by an unsolicited request, and attempt to confirm identities of those who contact you," said Derek Manky, senior security strategist at Fortinet.

Meanwhile, the study reported that a large Coreflood botnet operation was dismantled by the FBI, the largest enforcement action of its kind in U.S. history.

Servers and domains controlled by an international group of cyber criminals were seized. This particular botnet had infected 2.3 million machines and millions of dollars were stolen from unsuspecting computer users.

"Coreflood comes off the heels of the Rustock botnet, which was taken offline mid-March with the help of Microsoft and a number of federal agencies," Manky continued. "As a result, two major botnets have dwindled and global spam rates have remained about 15 per cent lower than they were before Rustock's downfall."



Sign up for CIO Asia eNewsletters.