In the second e-mail threat detected in two days, e-mail security experts at Red Condor recently issued an advisory notifying users of a banking Trojan that has been posing as a message from Facebook administrators.
The latest e-mail threat is what experts call a blended one. It has the twin characteristics of a phishing scam and an infamous “banking Trojan” virus. The spam e-mail contains a link; when users click on the link they are taken to a copycat Facebook login page which asks for their Facebook account login information. Once these details are keyed in, users get a dialog box asking them to download “updatetool.exe”. This is a Zbot Trojan subtype. When Red Condor detected the e-mail threat, only one-third of active anti-virus engines had caught on to the problem.
Red Condor’s security specialists said that the spoofed Facebook login page is quite technologically advanced and even uses www.facebook.com in the sub-domain part of the malicious URL. Users who have consoles with limited screen resolution or small browser windows and address bars could be misled into believing that they are in fact on Facebook’s login page. Once installed, the underlying banking Trojan goes through the hard drive of the user and culls out stored personal banking information and other login information. It does key logging and other malicious activities to procure this information.
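The sub-domain trick described above can be caught by comparing the end of the hostname, not its beginning, with the real domain. The following Python sketch is an added example, not Red Condor's code; the `.example` hostnames are constructed samples, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

BRAND_DOMAIN = "facebook.com"  # the domain the advisory says was imitated
BRAND_TOKEN = "facebook"       # brand string to look for in other hosts


def classify_link(url: str) -> str:
    """Return 'legitimate', 'lookalike' or 'unrelated' for a link found in mail."""
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare host as the network location
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    if not host:
        return "unrelated"
    # A hostname is read right to left: only a host that IS the brand domain,
    # or ends with ".<brand domain>", belongs to the brand.
    if host == BRAND_DOMAIN or host.endswith("." + BRAND_DOMAIN):
        return "legitimate"
    # The brand name anywhere else (for example as leading sub-domain labels
    # of another domain) is the deception the advisory describes.
    if BRAND_TOKEN in host:
        return "lookalike"
    return "unrelated"


def address_bar_view(url: str, width: int) -> str:
    """First `width` characters after the scheme, as a narrow address bar shows."""
    return url.split("://", 1)[-1][:width]


# Constructed sample links (not taken from the actual campaign).
SAMPLES = [
    "https://www.facebook.com/login.php",
    "http://www.facebook.com.account-check.example/login.php",
    "http://notfacebook.com/",
    "https://example.org/news",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):<11} bar shows: {address_bar_view(link, 16)!r}")
```

The second sample shows why a short address bar misleads: its first 16 visible characters are identical to the real site's, while the classification depends on the labels that are cut off.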
Security researchers discovered another Facebook spoof e-mail with downloadable files that carried the Bredolab Trojan, after sections of the media had reported on the same. This e-mail threat was disguised as a “Facebook Password Reset Confirmation”. The e-mail threat discovered by experts at Red Condor is a separate one and concerns the execution of a new login system which is expected to affect all users of the popular social networking site.
Tom Steding, CEO of Red Condor, said that with millions of internet users logging on to Facebook every day, it was imperative that they were aware of the multiple spoofed e-mails which were being sent to inboxes. Users also needed to distinguish this threat from the ones already reported. He continued, “Facebook has become phenomenally popular, which makes it a prime target for spammers and cybercriminals. Unprotected e-mail users need to be increasingly aware of the variety of threats that will come to their inboxes posing as legitimate messages. This blended e-mail threat is an interesting twist that seems to have baffled a number of AV engines.”
Red Condor used its proprietary software Spam Trigger to detect the latest e-mail security threat. Spam Trigger looks for spam and virus campaigns before they get a chance to infect users’ systems. Doubtful campaigns are put on probation and a filter rule is executed to procure messages from the campaign. Messages from the doubtful campaigns are placed in quarantine while they are in probation.
Carolyn John is a Contributor to TMCnet.
Edited by Amy Tierney