Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

Symantec Threat Bulletin - 28 October 2009

Symantec Security Response has observed that spammers are attempting to use Facebook’s popularity to spread Trojan.Bredolab
  • 28 October, 2009 16:46

<p>28 October 2009 - Spammers are once again turning their efforts to trusted social networking sites to lure in unsuspecting victims, and this time it’s Facebook. Symantec Security Response has observed that spammers are attempting to use Facebook’s popularity to spread Trojan.Bredolab, a threat that has been consistently and widely distributed this year. This trojan is capable of downloading password stealers, bots, rootkits, backdoors and misleading applications.</p>
<p>Spammers are misleading users by sending a false Facebook notification email about their password. The notification advises users that their passwords have been changed due to safety measures taken to protect Facebook users. The notification claims that a new password is provided in an attachment to the message. However, in reality the attachment holds a .zip file that contains Trojan.Bredolab.</p>
<p>Symantec advises consumers to:</p>
<p>Be careful what you click on. Exercise caution when clicking on links from unknown senders</p>
<p>Remember never to respond to spam. A response will let the spammer know he has reached an active email address, and this just leads to even more spam. Likewise, clicking on links within a spam email that promises to remove you from the sender's mailing list will again reaffirm the email address is active for the spammer. Delete suspicious email without reading it.</p>
<p>Get multiple email addresses for multiple purposes. Have one email address specifically for personal use, known only to family, friends and colleagues. Another email address could be used for mailing lists and newsletters, and still another for online inquires and orders.</p>
<p>Watch where you post your email address. To avoid being caught by bots collecting email addresses, don’t post your full email address on any publicly accessible Web page.</p>
<p>Deploy protection: Ensure you are using an up-to-date security solution that protects against spam and viruses whilst still allowing legitimate email through. Use security software, such as Norton Internet Security 2010. Check out web safety services such as Norton Safe Web where a community of web users collaborate to report dangerous phishing and malware sites.</p>
<p>Please let us know if you have any questions or would like to speak with a Symantec expert.</p>
<p>Press Contact:</p>
<p>Jasmin Athwal</p>
<p>Max Australia</p>
<p>+61 2 9954 3492</p>

Most Popular