New password-stealing virus targets Facebook

by Michael Smith (Veshengro)

According to Reuters Wire Services Hackers have flooded the Internet with virus-tainted spam that targets Facebook's estimated 400 million users in an effort to steal banking passwords and gather other sensitive information.

The emails tell recipients that the passwords on their Facebook accounts have been reset, urging them to click on an attachment to obtain new login credentials, according to anti-virus software maker McAfee Inc.

If the attachment is opened, it downloads several types of malicious software, including a program that steals passwords, said McAfee.

This shows yet again how careful users have to be and also that users have to, finally, understand that rarely any service, whether FB or other, will contact users in such a way.

I have personally had a “stupid”, for that is the only word that comes to mind, email telling me that my login credentials had been lost due to a fault in their system and I should click on the link given in the email to sort it out. Right, and pigs fly.

Hackers have long targeted Facebook users, sending them tainted messages via the social networking company's own internal email system. With this new attack, they are using regular Internet email to spread their malicious software.

A Facebook spokesman said the company could not comment on the specific case, but pointed to a status update the company posted on its web site earlier on Wednesday warning users about the spoofed email and advising users to delete the email and to warn their friends.

McAfee estimates that hackers sent out tens of millions of spam across Europe, the United States and Asia since the campaign began.

Dave Marcus, McAfee's director of malware research and communications, said that he expects the hackers will succeed in infecting millions of computers.

"With Facebook as your lure, you potentially have 400 million people that can click on the attachment. If you get 10 percent success, that's 40 million," he said.

The email's subject line says "Facebook password reset confirmation customer support," according to Marcus.

But the email may also have other tag-lines and everyone be best advised to ignore and – if so inclined – report such emails to the companies concerned.

Once again my advice:

  1. Have good anti-virus protection and no, you do not have to pay for it. AVG will do nicely.

  2. Do not open any links that have been given in any such emails as reputable companies do not work in such a manner.

  3. In addition to that with regards to Facebook: Do not use any applications on that social network, especially none that are third-party and most of them, in fact, are. Many a virus and Trojan is hidden in them.

Beware that there are many scams going on and try not to be the next victim.

Copyright © 2010