Latest email scams continue unabated to deliver dropped malware

SYDNEY, AUSTRALIA – April 12, 2010 – Facebook and MySpace users are again the targets of spam waves that have been dishing out more than 500 infected email messages at 10 minute intervals. BitDefender has today found two campaigns targeting Facebook and MySpace account holders in the form of emails notifying them that passwords to their accounts have been changed due to security reasons. The recipients of this fake notification are prompted to open an attached .zip file in order to find out their new allocated password.

The behavior of Trojan.Oficla.J and Trojan.Fakealert.BZZis are worryingly similar to that of Trojan.Dropper.Oficla.G, which plagued Facebook users last month. The new threats contains malicious or potentially unwanted software which it ‘drops’ and installs on the system.

Upon installation, the latest trojans automatically minimises any open browser windows to display a warning message. This message notifies the user about several alleged computer infections and points out the necessity of installing a security solution.

By clicking either the ‘OK’ or ‘Cancel’ buttons of the various pop-up windows appearing on the screen, the user activates a false antivirus scanning process that detects oodles of malware in the system, whilst other fake pop-up windows attempt to trick the user into downloading the malicious program posing as the antivirus.

Once installed, it modifies and damages the content of several system files, whilst delivering numerous pop-ups on sham system problems and fake infections.

In order to stay safe, BitDefender recommends you never open attachments coming from unknown contacts. They also suggest people install and update a complete antimalware software solution.