Who Fell for the Facebook Password Reset Scam Yesterday?

Unfortunately, a lot of people didn’t realize that the email and attachment we posted yesterday was not really from “The Facebook Team”. ThreatFire users were protected from the Bredolab downloader and its Zbot payload, and it’s a good thing too. Here is some information on who fell for it by country:


The bulk of the protected systems were in the U.S., where the number of Facebook users are higher than anywhere else. Below is a non-exhaustive list of banks that the group has targeted with Zbot payloads from the ip address that the Bredolab downloaders pulled from. Surprisingly, the cybercrime group decided to mess with U.S. military members at usaa.com:

https://businessonline.huntington .com
https://business-eb.ibanking-services .com
https://securentrycorp.nbarizona .com
https://treas-mgt.frostbank .com
https://www8.comerica .com
https://cashmgt.firsttennessee .biz
https://www.usaa .com
https://*netspend .com
https://www.mybank.alliance-leicester.co .uk

This entry was posted in The Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>