What's happening: Facebook users are receiving emails saying their passwords have been reset and instructing them to open an attachment containing their new passwords.
What it means: Users opening the attachment risk having their computers taken over by cyber-criminals.
What to do: Make sure the IT Department is blocking these messages at the spam filter. Alert staff to disregard these emails, both at work and at home, should they get through spam filters. Consider replacing your anti-malware solution with an intrusion detection and prevention system.
**********************************
Computerworld: Massive bot attack spoofs Facebook password messages. 'Bredolab' Trojan rides fake reset messages, reaches at least 735,000 users
A massive bot-based attack has been hitting Facebook users, with nearly three-quarters of a million users receiving fake password reset messages, according to security researchers.
http://www.computerworld.com/s/article/9140058/Massive_bot_attack_spoofs_Facebook_password_messages?source=CTWNLE_nlt_security_2009-10-29