Fake Facebook Password Reset Email Links to Malware
OutlineEmail purporting to be from Facebook claims that your password has been reset due to suspicious activity and you must click a link to 'restore the password'.
Brief AnalysisThe email is not from Facebook and your password has not been reset as claimed. The link in the message opens a website that contains malware that can join your computer to the Asprox botnet.
- Facebook Trojan Email - 'Your Password is Changed'
- Facebook Password Reset Confirmation Trojan Email
- Malware Threat Articles
Subject: Facebook password change
Your Facebook password was been reset on Thursday, December 11, 2014 at 11:48AM (UTC) due to suspicious activity of your account.
Operating system: Android
IP address: 22.214.171.124
Estimated location: New Oxford, PA, US
To restore the password complete this form, please, your request will be considered within 24 hours.
The Facebook Security Team
'Facebook' Email Claims Your Password Has Been Reset
The message claims that you should click a link to fill in a form so that the password can be restored.
The email features the Facebook name logo along with the social network's familiar blue and white colour scheme.
Email Is Not From Facebook - Link Opens Malware Website
Instead, the message is an attempt to trick you into installing malware.
If you click the link as instructed, you will be taken to a compromised website that contains the malware.
The download file will conduct a test to see if you are using a targeted browser and operating system. If so, a .zip file will be downloaded to your computer. The .zip contains a .exe file. Clicking the .exe installs the malware.
Once installed, the malware will join your computer to the Asprox botnet.
The operating system, browser, and location details in the emails may vary.
If this email comes your way, do not click any links or open any attachments that it contains.
© Depositphotos.com/ Ai825
Last updated: December 12, 2014
First published: December 12, 2014
By Brett M. Christensen