Remember the Bredolab virus that used social engineering to target Facebook members? Apparently the problem has continued, but in a more sophisticated way.
To avoid arousing the user's suspicion, it now spreads by including attachments, as before, but appears as an email from the Facebook admin.
The message tells the user to update their account, citing convenience and security when visiting the site.
If the update button is clicked, the user is taken to a falsified web page. This is not Facebook's original page, but one built to collect the victim's username and password.
This fake page has a different address, for example http://www.facebook.com.xxxxx.eu/globaldirectory/LoginFacebook.php?ref=1584270691543478059651590405901802254672004589860384285&email=xxxxxxx@xxxx.com, where xxxxx is a string of random characters.
At a cursory glance, the fake page looks similar to the original Facebook page. On closer inspection, however, there are some notable differences.
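The difference that can be checked mechanically is the address: in the example above, facebook.com is only the leading part of a host name that really belongs to xxxxx.eu. The following is an added example, not code from the original article, of how a mail filter could test that; the function names are hypothetical and the sample link is the placeholder URL quoted above.

```python
from urllib.parse import urlsplit, parse_qs

BRAND = "facebook.com"  # the domain the email claims to come from

# Placeholder link in the shape quoted in the article (not a live address).
SAMPLE = ("http://www.facebook.com.xxxxx.eu/globaldirectory/LoginFacebook.php"
          "?ref=1584270691543478059651590405901802254672004589860384285"
          "&email=xxxxxxx@xxxx.com")


def classify_link(url, brand=BRAND):
    """Return 'genuine', 'lookalike' or 'unrelated' for a link in an email."""
    parts = urlsplit(url.strip())
    # hostname drops port and user-info; also drop a trailing root dot.
    host = (parts.hostname or "").rstrip(".").lower()
    # Genuine only if the brand is the *end* of the host name.
    if host == brand or host.endswith("." + brand):
        return "genuine"
    # Brand text placed anywhere else in the authority part is a disguise:
    # as leading labels (facebook.com.xxxxx.eu) or as user-info (brand@host).
    userinfo = (parts.username or "").lower()
    if brand in host or brand in userinfo:
        return "lookalike"
    return "unrelated"


def recipient_in_link(url):
    """Return the address carried in the 'email' parameter, if any.

    A link that already names the recipient was generated per victim,
    which is typical of the mass mailing described in the article.
    """
    values = parse_qs(urlsplit(url).query).get("email")
    return values[0] if values else None


if __name__ == "__main__":
    for link in (SAMPLE, "https://www.facebook.com/login.php"):
        print(classify_link(link), recipient_in_link(link), link[:50])
```

The check compares the end of the host name, not its beginning, which is exactly what a quick look at the address bar gets wrong.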
Once the user name and password have been filled in, a new page opens containing a link to download an account update tool named [updatetool.exe], which is actually a virus / trojan that will infect the computer.
The subject of the emails sent by the virus varies, for example: New login system, update your Facebook, Facebook Update Tools. The virus file is around 105 KB in size and is named [updatetools.exe].
When the file is run, it creates a master file named [C:\WINDOWS\system32\sdra64.exe] and injects itself into several Windows processes, such as: C:\Windows\System32\services.exe, C:\Windows\System32\lsass.exe, C:\Windows\System32\svchost.exe, C:\Windows\System32\alg.exe, C:\Program Files\Internet Explorer\iexplore.exe.
So that the virus cannot easily be deleted, the file is hidden even if the user has enabled the display of hidden files. It also creates several other files, likewise hidden so that they cannot easily be deleted: C:\Windows\system32\lowsec, local.ds, user.ds, user.ds.lll.
To spread itself, the virus sends phishing emails to all the addresses it has obtained, containing a notification that asks users who have a Facebook account to update their account.
So please be careful when receiving email, even when it appears to come from the Facebook admin. An email with one of the subjects listed above should be deleted immediately, and the instructions in it should not be followed.