X

Bank Trojan botnet targets Facebook users

Latest Facebook phishing e-mail steals passwords and downloads a Trojan on victims' computers that can steal bank account information and financial data.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
See full bio
Elinor Mills
2 min read

On the heels of one fake Facebook e-mail scam, a researcher warned on Wednesday of another such campaign in which users of the popular social network are being tricked into revealing their passwords and downloading a Trojan that steals financial data.

In the latest scam being blasted to e-mail in-boxes, a legitimate-looking Facebook notice asks people to provide information to help the social network update its log-in system, said Fred Touchette, a senior security analyst at AppRiver. When the user clicks the "update" button in the e-mail, they are directed to a fake Facebook log-in screen where their user name is filled in and they are prompted to provide their password.

This is a screen shot of the message in the body of the fake Facebook e-mail. AppRiver

When they provider that information, victims are taken to a page that offers an "Update Tool," but that is actually the Zeus bank Trojan that is designed to steal financial and personal data, Touchette said.

Users of smart phones that have the Facebook app installed can also easily be duped because the phishing e-mail appears as an actual Facebook notification complete with Facebook icon, he said. The message is received in the e-mail in-box on the phone as well as under the Facebook notification section in the app itself, he added.

There are likely to be a lot of victims given how many e-mails the scammers are sending. AppRiver has captured about 6 million e-mails in its filters and noticed that the messages were coming in at a rate of 30,000 a minute at one point, according to Touchette. That's about 10 times the usual botnet e-mail message rate, he said.

More details are on the AppRiver blog.

On Tuesday, researchers reported that a different botnet, Bredolab, was distributing fake "Facebook Password Reset Confirmation" e-mails that included a Trojan. As of late Wednesday night, security provider Cloudmark said it had seen more than 730,000 of the Bredolab-related e-mails.

To protect against such phishing attacks, people should be extremely cautious about clicking on links in e-mails and they can mouse over the link to see if the domain is a legitimate domain, Touchette said.

Meanwhile, Facebook users should easily be tipped off that the latest scam is just that, a scam, he said. "Facebook doesn't need all of its users to update their accounts in order for them to make changes to their site," he added.

If there is any question about the legitimacy of the e-mail or the link, users should close the e-mail and go directly to the site to check for important notices to customers, he said.

This is the prompt Facebook users get as part of the latest phishing scam. Downloading the "update tool" installs a Trojan. AppRiver