Some of the biggest companies in the world rely on Forcepoint security.

Close

Our Blog

Don't use that new Facebook Toolbar, I mean backdoor!

Share

Tuesday, May 11, 2010

Today our email honeypots found a new message that purported to be from Facebook, advertising a new toolbar.  TheFrom line was spoofed to look like the message had actually been sent from the Facebook team.  There is no specific recipient name in the message, so it's very generic in how it's addressed.  When a recipient downloads and runs the toolbar.exe file (SHA1 51bcf2fc766e7e59f9b8face45b18843a36f37a5) using a link in the message, they are installing a backdoor with decent coverage as a Zapchast IRC backdoor threat.

Screenshot of the malicious Facebook Toolbar email:

Websense Messaging and Websense Web Security customers are protected against this attack.

About the Author