*Importance:* High All: If you are a Facebook user, you may have recently received an email with the subject: *Facebook Password Reset Confirmation Customer Support. **The *address of the sender is spoofed to display support@xxxxxxxxxxxx *THIS IS MALWARE BOTNET – DO NOT OPEN THIS MESSAGE!* The message reads, “*Dear user of Facebook, Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document. Thanks, Your Facebook.*” *According to TrendMicro, “The malware being delivered is a botnet and is called ‘BredoLab.’ It has been occasionally spread by spam since May of 2009,**” **There have been at least eight versions of the Facebook BredoLab malware observed since March 16, 2010**. * *“**What is troubling is the newer versions of the BredoLab used in this latest attack campaign are not being detected by the majority of anti-virus services — and that means the majority of users who unwittingly click on the bogus attachments linked to fake e-mails are going to have their computers infected**“. *To bypass firewalls, it injects its own code into legitimate processes.** The malicious executable is linked to the Bredolab botnet, which has been linked to massive spam runs and identity-theft related attacks. BREDOLAB is a software that enables cybercriminal organizations to deliver any kind of software to its victims. Once a user’s machine is infected by BREDOLAB, it will receive regular malware updates the same way it receives software updates from the user’s security vendor. To clean and protect your home machine, both anti-virus and anti-malware/anti-spyware software should be run daily (or nightly).
