October 28th, 2009, 21:17 PM
Bank Trojan botnet targets Facebook users
On the heels of one fake Facebook e-mail scam, a researcher warned on Wednesday of another such campaign in which users of the popular social network are being tricked into revealing their passwords and downloading a Trojan that steals financial data.
In the latest scam being blasted to e-mail in-boxes, a legitimate-looking Facebook notice asks people to provide information to help the social network update its log-in system, said Fred Touchette, a senior security analyst at AppRiver. When the user clicks the "update" button in the e-mail, they are directed to a fake Facebook log-in screen where their user name is filled in and they are prompted to provide their password.
When they provider that information, victims are taken to a page that offers an "Update Tool," but that is actually the Zeus bank Trojan that is designed to steal financial and personal data, Touchette said.
Users of smart phones that have the Facebook app installed can also easily be duped because the phishing e-mail appears as an actual Facebook notification complete with Facebook icon, he said. The message is received in the e-mail in-box on the phone as well as under the Facebook notification section in the app itself, he added.
Full story: c|net