On TechRepublic: Five super-secret features in Windows 7
BNET Business Network:
BNET
TechRepublic
ZDNet
61 TalkBacks

By Elinor Mills CNET News
Posted on ZDNet News: Oct 29, 2009 7:05:56 AM

On the heels of one fake Facebook e-mail scam, a researcher warned on Wednesday of another such campaign in which users of the popular social network are being tricked into revealing their passwords and downloading a Trojan that steals financial data.

In the latest scam being blasted to e-mail in-boxes, a legitimate-looking Facebook notice asks people to provide information to help the social network update its log-in system, said Fred Touchette, a senior security analyst at AppRiver. When the user clicks the "update" button in the e-mail, they are directed to a fake Facebook log-in screen where their user name is filled in and they are prompted to provide their password.


Here is a screen shot of the message in the body of the fake Facebook e-mail. (Credit: AppRiver)

When they give that information, victims are taken to a page that offers an "Update Tool," but that is actually the Zeus bank Trojan that is designed to steal financial and personal data, Touchette said. Users of smart phones that have the Facebook app installed can also easily be duped because the phishing e-mail appears as an actual Facebook notification complete with Facebook icon, he said.

For more, read "Bank Trojan botnet targets Facebook users" from CNET News.

SponsoredWhite Papers, Webcasts, and Downloads

  • Talkback
  • Most Recent of 61 Talkback(s)
well you can send them there bug back if you disect it
and i find adjusting something from a request to run to an auto run payload is normally a good way to start, then having it do fun stuff like delivering something really nasty that makes there pc tota... (Read the rest)
Posted by: nanotm Posted on: 11/02/09 You are currently: a Guest | | Terms of Use
Is it safe to assume  bobiroc | 10/29/09
Yes but...  Ceridan | 10/29/09
Windows only?  gertruded | 10/29/09
Don't be a hater...  Prime Waverider | 10/29/09
This is Windows only  terjeb@... | 10/29/09
You shouldn't ...  n0neXn0ne | 10/29/09
phraseology  dhays | 10/29/09
Is ...  n0neXn0ne | 10/29/09
Well it did say  bobiroc | 10/29/09
It was not a ...  n0neXn0ne | 10/29/09
That I will agree with  bobiroc | 10/29/09
Red herring  public@... | 10/29/09
absolutely You should always know what you're dealing with  CryptiCiptyrC | 10/29/09
rightly so trojan finder support  mdbobbo | 10/31/09
Windows security is going from bad to worse...  The Mentalist | 10/29/09
From Bad to worse  bobiroc | 10/29/09
Why would anyone write it to run in Linux, it wouldn't stand a chance...  The Mentalist | 10/29/09
Same in Windows too  bobiroc | 10/29/09
Nope. Definitely NOT the same, not by a long shot...  The Mentalist | 10/29/09
This is one of many attacks using Facebook.  phatkat | 10/29/09
Trojans only work in windows and in...  The Mentalist | 10/29/09
Funny thing about the relaxed security model  NonZealot | 10/29/09
And yet a .exe extension is all it takes to make it executable...  The Mentalist | 10/29/09
LOL, yet again, you are WRONG!!  NonZealot | 10/29/09
The executable permission is the default in windows, How relaxed is that?  The Mentalist | 10/29/09
But you were WRONG  NonZealot | 10/29/09
How do you accidentally untar a file inside an email?  The Mentalist | 10/29/09
Forgive me, I didn't realize you were command line only  NonZealot | 10/29/09
And how do "they totally PWN your system" if you are not administrator?  The Mentalist | 10/29/09
Seeing you use the phrase "in fact" sure makes me laugh!!  NonZealot | 10/29/09
You must teach me how to run a full session as root in Ubuntu cause...  The Mentalist | 10/29/09
Only possible in Windows?  rick@... | 10/29/09
LOL, you truly know nothing about Linux  NonZealot | 10/29/09
Know nothing about Linux huh? How about this...  The Mentalist | 10/29/09
You must have been reading Loverock's drivel or taking lessons from him  The Mentalist | 10/29/09
Forgive the Zealot troll - If he knew anything about Linux...  Wintel BSOD | 10/30/09
Windows haters are so pathetic - they lie a lot too  DougAlder | 10/30/09
Any prrof of that?  Wintel BSOD | 10/30/09
Giant shrimp and relevant discussion...  dominigan | 10/29/09
Correction: Not "user ignorance", it exploits relaxed security...  The Mentalist | 10/29/09
What does this have to do with Windows security?  rick@... | 10/29/09
Incorrect  terjeb@... | 10/29/09
To the posters above...  The Mentalist | 10/29/09
Mentalist: Help me understand  rick@... | 10/29/09
After downloading it is necessary to set permissions to make it executable.  The Mentalist | 10/29/09
So the person  bobiroc | 10/29/09
What the mental idiot isn't telling you about Linux  NonZealot | 10/29/09
Malware's "strategery" is to fool the user into running it without notice  The Mentalist | 10/29/09
Malware's "strategery" is to fool the user into running it - PERIOD  rick@... | 10/29/09
The same happened when you drank that kool-aid...  The Mentalist | 10/29/09
That's the best you can do?  rick@... | 10/29/09
Now I know they did not hide it from you...  The Mentalist | 10/29/09
Forget the Koolaid  rick@... | 10/29/09
This isn't UAC  Wintel BSOD | 10/30/09
Who need security anyway?  Tommy S. | 10/30/09
Comment deleted  public@... | 10/29/09
yes yes, windows users..  ljenux-23043766007667558234416105604265 | 10/30/09
but it looks and acts real...  rivardau | 10/30/09
Flogging familiar forgeries may soften success  mikewoodsophos | 10/30/09
knowing the enemy - and nuking them  mdbobbo | 10/31/09
well you can send them there bug back if you disect it  nanotm | 11/02/09

What do you think?