Viruses spreading through social media networks is nothing new. The latest incarnation is masquerading as Facebook password reset emails. This particular e-mail claims that your Facebook password was reset to protect you and the new password has been attached to the e-mail. As you may expect, once the attachment is opened your PC will be infected with malware.
The malware in question is a trojan horse called Bredolab. This trojan injects itself into the explorer.exe process and runs the svchost.exe process. Bredolab itself doesn’t cause any further damage. However, it quietly operates in the background and downloads additional payloads (which can be rogue antispyware software or other malware) without your permission.
While it is common knowledge that one should never download attachments received from unknown sources, many users may still fall for this scam. Irrespective how authentic an e-mail appears, if it asks you to download an attachment something is bound to be fishy. Facebook will never send your password as attachments. And if you didn’t reset your password, then you shouldn’t be receiving a password reset email. Spread the message and prevent your friends and family from becoming victims.