Summary: Email, purporting to be from Facebook, claims that the user's Facebook password has been changed and informs him or her that the new password can be found in an attached document (Full commentary below).
Status: Email is not from Facebook. Message is designed to trick recipients into installing a malicious trojan
Example:(Submitted, October 2009)
Subject: Facebook Password Reset Confirmation
Hey [name removed],
Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.
The Facebook Team
This email, which appears to be an automated message from popular social networking website Facebook, informs the recipient that his or her Facebook password has been reset, supposedly as a security measure. It claims that the user's new password can be accessed by opening a file attached to the email.
However, the message is not from Facebook and the claim that the user's Facebook password has been changed is untrue. In fact, the message is a trick designed to fool recipients into installing a trojan on their computer. Those who open the attached file, ostensibly to view their new password, will in fact be launching a copy of the Bredolab Trojan. Once installed, the trojan is able to download and install other malware components such as keyloggers and password stealers and allow Internet criminals to control the compromised computer from afar.
Facebook users should be wary of any emails claiming to be from Facebook that contain attachments or ask them to click a link to access a new password or provide login information. Note that, even if a password is reset, Facebook will never send a user a new password via an email attachment. If you receive such an email, do not open an attachments that come with the message. Nor should you click on any links in the email. Malware distributors sometimes trick users into clicking a link in an email that downloads a trojan from a malicious website. And, phishing scammers have also used bogus Facebook messages to trick users into supplying their login credentials and other sensitive personal information.
It is also important to note the Bredolab Trojan is also distributed via emails not related to Facebook, including bogus shipping confirmation messages and messages supposedly confirming the order of goods bought online.