SOURCE: Red Condor, Inc.


October 28, 2009 19:04 ET

Red Condor Warns of Spoofed Facebook Blended Threat Email

Latest Threat Includes a Link to a Spoofed Facebook Login Page, Which Prompts Users to Reveal Personal Information and Then Download a Notorious "Banking Trojan"

ROHNERT PARK, CA--(Marketwire - October 28, 2009) - Email security experts at Red Condor have identified a second email threat in as many days posing as a message from Facebook administrators. Unlike the first threat identified October 27, 2009, today's email is a blended threat that includes both a phishing scam and a notorious "banking Trojan" virus. A link within the spam email takes users to a spoofed Facebook login page requesting the user's Facebook account information. After entering their credentials, users are then prompted to download "updatetool.exe," which is a Zbot Trojan variant. At the time Red Condor detected the threat, only one-third of anti-virus engines had detected it.

According to Red Condor's security experts, the spoofed Facebook login page is fairly sophisticated and uses in the sub-domain portion of the malicious URL. As a result, people with a low screen resolution or a small browser window or address bar might think they are actually on Facebook's login page. The Trojan associated with this threat installs a sophisticated "banking Trojan" that is known to scour the infected hard drive for personal banking information and various login credentials, as well as perform key logging and other nefarious activities.

In media reports from yesterday and today, security researchers uncovered a separate Facebook spoof email with downloadable files that included the Trojan virus Bredolab. This email threat was masked as the "Facebook Password Reset Confirmation." The threat identified today by Red Condor refers instead to implementing a new login system that will affect all Facebook users.

"Given the comfort level that millions of users have with Facebook, we want to make sure that everyone knows that there are multiple spoofed Facebook emails hitting inboxes, and that the blended threat email we are warning about is different than the one many media outlets have already reported," stated Dr. Tom Steding, chief executive officer of Red Condor. "Facebook has become phenomenally popular, which makes it a prime target for spammers and cybercriminals. Unprotected email users need to be increasingly aware of the variety of threats that will come to their inboxes posing as legitimate messages. This blended email threat is an interesting twist that seems to have baffled a number of AV engines."

The virus scam was detected by Red Condor's proprietary Spam Trigger (formerly Spam Trip Wire) technology. Spam Trigger identifies spam and virus campaigns before they penetrate users' networks. Suspicious campaigns are put on probation until a filter rule can be written to capture messages from the campaign. During the probationary period, messages from the suspicious campaigns are quarantined.

About Red Condor

Red Condor is revolutionizing spam fighting with its next generation technology. Red Condor's highly accurate email filter, hybrid architecture Vx Technology™, and fully managed appliances lead to a dramatic reduction in the cost of owning a premium spam filter. With solutions for small businesses, as well as ISPs with millions of email inboxes, Red Condor has a cost-effective, timesaving solution that is rapidly gaining market share. The system's design has built-in zero tolerance for lost email, and a near zero false positive rate while achieving long-term spam block rates greater than 99%. Red Condor Archive is a secure message archiving service with lifetime retention and unlimited storage. The company's next-generation technology is backed by a 24x7 customer care center staffed by email security experts at Red Condor's headquarters. For more information, visit
