Fake 'Facebook Account Update' and 'Myspace Password Reset Confirmation' Phishing Emails Contain Malware

If you are an active user of Facebook or MySpace, then you may want to take note of the recent scamming and phishing attacks that could install malware on your computer.

Computer users have encompassed various phishing attacks through Facebook and MySpace spam messages. These messages were found to be laden with malicious links that redirect users to a phishing site where login credentials can be obtained.

The latest malicious spam can persuade users to log in by using a false link. The email pretends to make a computer user’s online experience more secure and pleasing by updating their credentials. The fake messages allege to come from either Facebook or MySpace. Users will receive an email that appears to be an official Facebook invite or a password reset confirmation but actually contains a zip file that, if opened, loads an .exe file, which was found to be the vicious Trojan.Bredolab parasite. By using this nasty parasite, hackers are not only enabled to gain a user's password and user name but, access Facebook accounts, computer files and bank accounts.

If an unsuspecting user clicks on the 'update' button, then he or she will be redirected to a bogus Facebook site where they will be asked to enter a password for completion of the updating process. When the Facebook user does this, the hacker takes position of their password enabling them to perform other malicious actions with the user's account. The misleading subject line for the phishing emails usually says something along the lines of the following:

• 'Facebook account update'
• 'New login system'
• 'Facebook update tool'

The malicious email subject lines for the MySpace phishing emails may read:

• 'Myspace Password Reset Confirmation'
• 'Myspace office on fire'
• 'Myspace was ruined'

The fake MySpace message will simply state that their password was reset and that the new password is included in an attached document which is another devilish approach to tricking computer users into giving up their login credentials.

What should you do to avoid such malicious attacks on Facebook and MySpace?

It's strongly advised to check the website of the organization that sent the email. Users are also encouraged to never provide personal information such as your login and password. It is also a good idea to update your anti-virus software. All computer users should be vigilant of dubious attachments and password reset requests while at the same time be careful when clicking links to websites within email messages. Users should note that legitimate websites will never send an attachment to reset a password.