Recently, Facebook introduced some changes to its users’ profile pages, which were meant to make it “even easier for you to tell your story and learn about your friends,” said the official announcement.
It’s probably not a coincidence that soon after this announcement was made, we received fake email messages allegedly coming from Facebook. These told the recipients to download the Facebook toolbar, which supposedly makes it easier for users to share and connect with their friends.
Note how the spammed message used a template similar to Facebook’s own to seem legitimate. The Download Here button goes to a website that will automatically download an executable file named fb.exe. This contains several component files, one of which is a malicious file detected as IRC_ZAPCHAST.HU.
In addition to detecting the malicious file, we also detect and block the spammed message and the URL where fb.exe is hosted.