# Fake Facebook password-reset emails are a botnet attack



## koala (Mar 27, 2005)

*http://www.downloadsquad.com/2009/10/28/fake-facebook-password-reset-emails-are-a-botnet-attack*

*http://blogs.zdnet.com/security/?p=4724&tag=nl.e550*


> If you didn't ask to have your Facebook password reset, think twice before opening an email that looks like it's from Facebook's support team. A lot of these fake password-reset emails have been going out lately, and the attachments they contain can take over your computer and add it to the Bredolab botnet, according to ZDnet.
> 
> Your first clue that these emails are sketchy is that they contain a zipped .exe file, which is a horribly insecure and inefficient way to send an account password. Although the mail looks like it comes from *support[at]facebook.com*, the address is just spoofed to fool you. The botnet behind this attack, Bredolab, is reportedly involved in some large-scale spamming and identity theft activities, so don't risk letting your computer become part of it.


----------

