Facebook Password: T_R_O_J_A_N

A deceptive password change message sent on behalf of Facebook

Yesterday evening, a malware distribution campaign using Facebook® as bait made some pretty nasty waves. Apparently legitimate e-mails notified Facebook® users that the passwords to their accounts had been changed for security reasons. Recipients of this fake notification were supposed to open an attached .zip file in order to find their newly allocated password.

Facebook Spam Message

Instead of a new password, the zip file hides Trojan.Dropper.Oficla.G. As its name suggests (Trojan Dropper), this piece of malware contains malicious or potentially unwanted software which it ‘drops’ and installs on the system. Frequently, the dropper installs a backdoor which allows remote, clandestine access to the infected system. This backdoor may then be used by cybercriminals to upload and install additional malicious or potentially unwanted software on the system.

Facebook Trojan

According to the BitDefender Monitoring Systems, the distribution of the spam messages carrying this piece of malware started on the evening of March 17th, 2010. Since then, the spam “waves” have reached significant proportions, in some cases with more than 200 spam messages sent out in 30 minutes.

Moreover, the infection rates reflected by the BitDefender Real-Time Virus Reporting System indicate the beginning of a massive spread of Trojan.Dropper.Oficla.G. Although this phenomenon has just started, it seems that it’s just a matter of (quite little) time before the cybercriminals control a huge number of systems.

Trojan Dropper Oficla Infection Rates

Infection rates are expected to boom because the social engineering behind this mechanism proves to be efficient. Facebook® is a highly popular social network, and accessing it for discussions or for its popular applications has become a daily habit for a great many people. No matter why they access the social network, the e-mail informing them about the alleged password change is likely to drive them towards the same result: open the file to take a look inside and ultimately… get infected.

In order to stay safe, BitDefender recommends that you never open attachments coming from unknown contacts, and that you install and keep updated a complete antimalware software solution.
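The lure described above pairs a password-change notice with a .zip attachment, which a mail filter can check for before the message reaches a user. The following is an added example, not BitDefender's code: the subject keywords, the extension list, and the sample message (sender, subject, file names) are assumptions constructed here, not details of the actual campaign.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions treated as executable content (assumed list; tune per environment).
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")
# Words assumed to mark a password-change lure in the subject line.
LURE_WORDS = ("password", "account")


def zip_executables(data: bytes) -> list[str]:
    """Return names of executable-looking members inside a zip payload."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(EXECUTABLE_EXTS)]
    except zipfile.BadZipFile:
        return []


def inspect_message(raw: bytes) -> dict:
    """Flag a message that pairs a password lure with an executable in a zip."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = (msg["Subject"] or "").lower()
    lure = any(w in subject for w in LURE_WORDS)
    hits = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        # Trust the zip magic bytes, not only the attachment's file name.
        if name.endswith(".zip") or payload[:4] == b"PK\x03\x04":
            hits += zip_executables(payload)
    return {"lure": lure, "executables": hits, "quarantine": lure and bool(hits)}


def build_sample() -> bytes:
    """Constructed sample: harmless text stored under an .exe name in a zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Facebook_Password.exe", b"harmless placeholder")
    msg = EmailMessage()
    msg["From"] = "support@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Facebook Password Reset Confirmation"
    msg.set_content("Your password has been changed. See the attached document.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Facebook_password.zip")
    return msg.as_bytes()
```

Calling `inspect_message(build_sample())` returns the lure flag, the list of executable member names, and a quarantine decision. Password-protected or nested archives are not opened by this check and need separate handling.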


Information in this article is available courtesy of Daniel Dichiu, BitDefender Online Threats Researcher

About the author

Sabina DATCU

Sabina Datcu, PhD, has background training in Applied Informatics and Statistics, Biology and Foreign Languages and Literatures. In 2003 she obtained a master's degree in Systems Ecology and in 2009 a PhD degree in Applied Informatics and Statistics.
Since 2001, she was involved in University of Bucharest's FP5 and FP6 European projects, as a researcher in the Information and Knowledge Management field.

In 2009, she joined the E-Threat Analysis and Communication Team at BitDefender as a technology writer and researcher, and started to write a wide range of IT&C security-related content, from malware, spam and phishing alerts to technical whitepapers and press releases.