Facebook Password Reset Malware

A fake Facebook password reset email seems to be doing the rounds in the last few days. I fixed two computers today that had been infected by this particular malware.

Instead of using a fake Facebook page to collect the victims' passwords (phishing), the email is sent with a malware attachment. The malware is known as “Bredolab”, which is a Trojan downloader. On the two computers I repaired today, Bredolab downloaded some rogue antivirus products. However, some sites are saying that it also downloads a password-stealing Trojan.

If you see it onsite, Malwarebytes seems to deal with the Trojan once you kill the main executable (at least for the rogue antivirus variants). Also be sure to tell your clients to change their passwords after the infection has been removed.