May 11, 2010

Don't use that new Facebook Toolbar, I mean backdoor!

Chris Astacio

Today our email honeypots found a new message that purported to be from Facebook, advertising a new toolbar.  TheFrom line was spoofed to look like the message had actually been sent from the Facebook team.  There is no specific recipient name in the message, so it's very generic in how it's addressed.  When a recipient downloads and runs the toolbar.exe file (SHA1 51bcf2fc766e7e59f9b8face45b18843a36f37a5) using a link in the message, they are installing a backdoor with decent coverage as a Zapchast IRC backdoor threat.

Screenshot of the malicious Facebook Toolbar email:

Websense Messaging and Websense Web Security customers are protected against this attack.

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.