This website uses cookies. By continuing to browse this website, you accept our use of cookies and our Cookie Policy. Close

NEW! Cloud Security Gateway — SWG, CASB, and DLP in a single product.

Tuesday, May 11, 2010

Don't use that new Facebook Toolbar, I mean backdoor!


Today our email honeypots found a new message that purported to be from Facebook, advertising a new toolbar.  TheFrom line was spoofed to look like the message had actually been sent from the Facebook team.  There is no specific recipient name in the message, so it's very generic in how it's addressed.  When a recipient downloads and runs the toolbar.exe file (SHA1 51bcf2fc766e7e59f9b8face45b18843a36f37a5) using a link in the message, they are installing a backdoor with decent coverage as a Zapchast IRC backdoor threat.

Screenshot of the malicious Facebook Toolbar email:

Websense Messaging and Websense Web Security customers are protected against this attack.

About the Author