People have started receiving an email claiming that the “Facebook Copyrights Department” has detected unusual copyright activity linked to their Facebook account and asking them to follow the link below to fill in the Copyright Law form.
https://www.facebook.com/application_form
When we click on this URL, “https://www.facebook.com/application_form”,
it redirects to the URL below and the malicious binary “bot.exe” gets downloaded.
https://bon[xxxxx]elersport.nl/facebook/bot.exe
After installation, this file drops a copy of itself:
%system%/sdra64.exe
It also creates the following files once it is active:
%system%/lowsec/local.ds – configuration file
%system%/lowsec/lowsec/user.ds – stolen data
It may steal the user’s account information as it is entered in the browser.
The stolen information is then stored in its dropped file %system%/lowsec/lowsec/user.ds.
Quick Heal detects this malware as “Win32.Trojan-Spy.Zbot.gen.3”.
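The file artifacts listed above can be checked for on a live host or a mounted disk image. The following script is an added example, not part of the original post or of any Quick Heal tooling; it assumes that %system% means the Windows System32 directory, and the function names are illustrative.

```python
import os
import sys
from pathlib import Path

# Artifact paths as listed in the post, relative to %system%.
ARTIFACTS = {
    "sdra64.exe": "dropped copy of the trojan",
    "lowsec/local.ds": "configuration file",
    "lowsec/lowsec/user.ds": "stolen data",
}


def default_system_dir():
    """Assumption: %system% is the Windows System32 directory."""
    return Path(os.environ.get("SystemRoot", r"C:\Windows")) / "System32"


def resolve_nocase(base, rel):
    """Follow rel under base, matching each path component without regard
    to case, so the check also works on a disk image mounted on a
    case-sensitive file system. Returns a Path, or None if absent."""
    current = Path(base)
    for part in rel.split("/"):
        try:
            matches = [e for e in current.iterdir()
                       if e.name.lower() == part.lower()]
        except OSError:  # missing, unreadable, or not a directory
            return None
        if not matches:
            return None
        current = matches[0]
    return current


def find_artifacts(system_dir):
    """Return (relative_path, description, size_in_bytes) per artifact found."""
    hits = []
    for rel, desc in ARTIFACTS.items():
        found = resolve_nocase(system_dir, rel)
        if found is not None and found.is_file():
            hits.append((rel, desc, found.stat().st_size))
    return hits


if __name__ == "__main__":
    # Optional argument: a mounted image's system directory to inspect.
    root = sys.argv[1] if len(sys.argv) > 1 else default_system_dir()
    for rel, desc, size in find_artifacts(root):
        print(f"FOUND {rel} ({desc}), {size} bytes")
```

An empty result only means these three file names are absent from the directory that was checked.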