Below is a media alert by AMIT KLEIN, CTO, TRUSTEER on a new configuration of the Carberp Trojan that is being used by criminals to target Facebook users to commit financial fraud. Unlike previous Facebook attacks designed to steal user credentials from the log-in page, this clever man-in-the-browser (MitB) attack attempts to steal money by duping the user into divulging an e-cash voucher. The attack exploits the trust users have in the Facebook website and the ease with which criminals can exploit the anonymity of e-cash vouchers to use or sell the vouchers immediately anywhere they are accepted on the internet. With the growing adoption of e-cash on the internet, Trusteer expects to see more of these attacks. With e-cash, however, it is the account holder not the financial institution who assumes the liability for fraudulent transactions.