New Spam Targeting Facebook Users Is Invisible to Most Virus Scans, Says UAB Expert

Cyber-criminals are using fake e-mails to target Facebook users and deliver computer viruses that were being detected only by one-third of the 42 most common anti-virus products as of noon Thursday, March 18, says a leading cyber-crime researcher at the University of Alabama at Birmingham (UAB).

   March 18, 2010

Gary Warner. Download image.

BIRMINGHAM, Ala. ­- Cyber-criminals are using fake e-mails to target Facebook users and deliver computer viruses that were being detected only by one-third of the 42 most common anti-virus products as of noon Thursday, March 18, says a leading cyber-crime researcher at the University of Alabama at Birmingham (UAB).

Gary Warner, the UAB director of research in computer forensics, says his team in the UAB Spam Data Mine has been tracking the Facebook spam campaign for the past three days. While it is not in the data mine's list of the top 10 most prevalent malware threats, Warner says the fake Facebook messages and related viruses are serious.

"The malware being delivered is called 'BredoLab.' It has been occasionally spread by spam since May of 2009," Warner says. "The UAB Spam Data Mine has observed at least eight versions of the Facebook BredoLab malware since March 16.

"What is troubling is the newer versions of the BredoLab used in this latest attack campaign are not being detected by the majority of anti-virus services - and that means the majority of users who unwittingly click on the bogus attachments linked to fake e-mails are going to have their computers infected," Warner says.

In this new campaign, cyber-criminals are using regular Internet e-mail services to deliver the false Facebook messages to the social media site's customers. The spam messages ask recipients to open an attachment in order to obtain new Facebook login information. Clicking the attachment exposes a user's computer to the BredoLab malware.

"Once a computer is infected with BredoLab, the cyber-criminals are able to add any other malicious software they desire to the infected computer, including password-stealing software, fake anti-virus software and spam-sending software," Warner says.

Warner warns that any legitimate company would never ask a customer to update his or her personal account information in an e-mail or through e-mail-embedded links or attachments.

"If there are questions about one of your account profiles, visit the site in question through your Web browser and log in as you normally would," he says. "If an entity has an important message for you, you'll be able to find it on its Web page."

Follow Warner on his top-rated blog for the latest on cyber-crime and computer threats: http://garwarner.blogspot.com/.

About UAB

UAB Computer Forensics Research is on the front lines of cyber-crime and takes a three-part approach in its response to the problem: academic training to prepare the next generation cyber-crime investigators, increase public awareness of cyber-crime and research to develop cutting-edge options for battling cyber-criminals.