Hackers are spreading a rumor regarding Facebook, describingit as a botnet that is used it to infect Facebook users with rogueanti-malware.

In the last 48 hours a rumor was spread claiming that an“unnamed app” in Facebook is actually a bot Trojan. The rumor was a hoax, andhackers used it to distribute malicious fake antivirus software (Rougeanti-malware). When Googling for “unnamed app”, people received links to siteswhich pose as security sites but are actually fake antivirus traps – rogueanti-malware sites.

Please be aware.

The malicious activity that comes from Chinese servers isknown for a long time. In many cases we are seeing the use of Chinese serversby bots that being spread over the web. Most of these bots are beingpropagated in order to steal identity, information, backdoor etc’.

But there is also other activity, unlike these bots that arebeing operated by hackers there is also a cyber-war.

We know that countries are using hacking techniques in orderto espionage against other countries, security organizations employing hackersin order to penetrate to other countries servers, and from the Google incidentin China we actually know something that was clear to everybody – the bigbrother is watching you.  

The “Foreign Policy” web site (http://www.foreignpolicy.com/)published a very interesting article that reviews the top 10 Chinese cyberattacks (that we know of) against US government sites:

http://thecable.foreignpolicy.com/posts/2010/01/22/the_top_10_chinese_cyber
_attacks_that_we_know_of

 More from MS site: http://www.microsoft.com/technet/security/bulletin/ms10-jan.mspx

Facebook users are once again under attack. A new variant of Bredolab Trojan is spreading through spam email messages appearing to come from Facebook.

The messages pretend to come from the “The Facebook Team”, while the real SMTP from address is in fact spoofed. However, an attached archive file containing an executable file may infect users with a Trojan horse.

The following is an example of the spammed email messages:

The attachment may come with the following name:

Facebook_Password_3db40.zip
or
Facebook_Password_[5 random characters].zip

This Bredolab Trojan downloads and executes further malware files on the affected machine such as rogue anti-virus software, and in order to bypass firewalls, it injects its own code into legitimate processes svchost.exe and explorer.exe.