Contact Information: Media Contact: Kevin Wilson 513-898-1008
Red Condor Warns of Spoofed Facebook Blended Threat Email
Latest Threat Includes a Link to a Spoofed Facebook Login Page, Which Prompts Users to Reveal Personal Information and Then Download a Notorious "Banking Trojan"
Source: Red Condor, Inc.
ROHNERT PARK, CA--(Marketwire - October 28, 2009) - Email security experts at Red Condor have identified a second
email threat in as many days posing as a message from Facebook
administrators. Unlike the first threat identified October 27, 2009,
today's email is a blended threat that includes both a phishing scam and a
notorious "banking Trojan" virus. A link within the spam email takes users
to a spoofed Facebook login page requesting the user's Facebook account
information. After entering their credentials, users are then prompted to
download "updatetool.exe", which is a Zbot Trojan variant. At the time Red
Condor detected the threat, only one-third of anti-virus engines had
detected it.
According to Red Condor's security experts, the spoofed Facebook login page
is fairly sophisticated and uses www.facebook.com in the sub-domain portion
of the malicious URL. As a result, people with a small screen resolution or
a small browser window or address bar might think they are actually on
Facebook's login page. The file associated with this threat installs a
sophisticated "banking Trojan" that is known to scour the infected
hard drive for personal banking information and various login credentials,
as well as perform key logging and other nefarious activities.
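The sub-domain trick described above can be caught by a mail or web filter that compares the brand name in the host against the domain that is actually registered. The following is an added example, not Red Condor's code; the brand list, the small suffix set standing in for the Public Suffix List, and the sample URLs are all constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: tiny stand-in for the Public Suffix List, enough for the samples.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}
# Assumption: protected brands mapped to the registrable domains they really use.
BRANDS = {"facebook": {"facebook.com"}}


def split_host(host):
    """Split a host into (sub-domain labels, registrable domain)."""
    labels = host.lower().rstrip(".").split(".")
    two_label_suffix = len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES
    n = 3 if two_label_suffix else 2
    return labels[:-n], ".".join(labels[-n:])


def brand_in_subdomain(url):
    """Return (brand, registrable domain) when a protected brand name appears
    in the sub-domain labels of a host the brand does not own, else None."""
    host = urlsplit(url).hostname
    if not host:
        return None
    sub_labels, registrable = split_host(host)
    for brand, owned in BRANDS.items():
        if registrable in owned:
            continue  # genuinely the brand's own domain
        # Match whole labels and hyphen-separated pieces such as "facebook-login".
        if any(brand in label.split("-") for label in sub_labels):
            return brand, registrable
    return None


if __name__ == "__main__":
    # Constructed sample URLs using reserved example domains.
    samples = [
        "http://www.facebook.com.login-update.example/index.php",
        "http://www.facebook.com.accounts.example.co.uk/",
        "https://www.facebook.com/login.php",
        "http://news.example/facebook",
    ]
    for url in samples:
        hit = brand_in_subdomain(url)
        verdict = f"SUSPICIOUS: '{hit[0]}' under {hit[1]}" if hit else "ok"
        print(f"{verdict:45} {url}")
```

A production filter would load the full Public Suffix List instead of the three-entry set used here.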
In media reports from yesterday and today, security researchers
uncovered a separate Facebook spoof email with downloadable files that
included the Trojan virus Bredolab. This email threat was masked as the
"Facebook Password Reset Confirmation." The threat identified today by Red
Condor refers instead to implementing a new login system that will affect
all Facebook users.
"Given the comfort level that millions of users have with Facebook, we want
to make sure that everyone knows that there are multiple spoofed Facebook
emails hitting inboxes, and that the blended threat email we are warning
about is different than the one many media outlets have already reported,"
stated Dr. Tom Steding, chief executive officer of Red Condor. "Facebook has become
phenomenally popular, which makes it a prime target for spammers and
cybercriminals. Unprotected email users need to be increasingly aware of
the variety of threats that will come to their inboxes posing as legitimate
messages. This blended email threat is an interesting twist that seems to
have baffled a number of AV engines."
The virus scam was detected by Red Condor's proprietary Spam Trigger
(formerly Spam Trip Wire) technology. Spam Trigger identifies spam and
virus campaigns before they penetrate users' networks. Suspicious campaigns
are put on probation until a filter rule can be written to capture messages
from the campaign. During the probationary period, messages from the
suspicious campaigns are quarantined.
About Red Condor
Red Condor is revolutionizing spam fighting with its next generation
technology. Red Condor's highly accurate email filter, hybrid
architecture Vx Technology™, and fully managed
appliances lead to a dramatic reduction in the cost of owning a premium
spam filter.
With solutions for small businesses,
as well as ISPs with millions of email inboxes, Red Condor has a
cost-effective, timesaving solution that is rapidly gaining market share.
The system's design has built-in zero tolerance for lost email, and a near
zero false positive rate while achieving long-term spam block rates greater
than 99%. Red Condor Archive is a secure message archiving service with
lifetime retention and unlimited storage. The company's next-generation
technology is backed by a 24x7 customer care center staffed by email
security experts at Red Condor's headquarters. For more information, visit
www.redcondor.com.