Facebook notification emails spread malware

People have started receiving an email claiming that the “Facebook Copyrights Department” has detected unusual copyright activity linked to their Facebook account and asking them to follow the link below to fill in the Copyright Law form.
https://www.facebook.com/application_form

When we click on the URL “https://www.facebook.com/application_form”,
it redirects to the URL below and the malicious binary “bot.exe” gets downloaded.

https://bon[xxxxx]elersport.nl/facebook/bot.exe

After installation, this file drops a copy of itself:

%system%sdra64.exe

It also creates the following files once it is active:

%system%/lowsec/local.ds – configuration file
%system%/lowsec/lowsec/user.ds – stolen data

It may steal the user’s account information as it is entered in the browser.
The stolen information is then stored in the dropped file %system%/lowsec/lowsec/user.ds.
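
A triage check for the files listed above, as an added example that is not part of the original post or Quick Heal's tooling: it looks for the three artifacts under a given system directory and matches names case-insensitively, so it also works on a Windows volume mounted on a case-sensitive OS. The function names, and reading “%system%sdra64.exe” as a file directly inside the system directory, are assumptions.

```python
import os
import sys
import tempfile

# Artifact paths as listed in the post, relative to the Windows system
# directory. Assumption: "%system%sdra64.exe" means a file directly inside it.
ZBOT_ARTIFACTS = {
    "sdra64.exe": "dropped copy of the trojan",
    "lowsec/local.ds": "configuration file",
    "lowsec/lowsec/user.ds": "stolen data",
}

def resolve_nocase(root, relpath):
    """Walk relpath under root ignoring case; return the real path or None.
    A Windows volume mounted on Linux is case-sensitive, so exact names fail."""
    current = root
    for part in relpath.split("/"):
        try:
            entries = os.listdir(current)
        except OSError:  # missing, unreadable, or not a directory
            return None
        match = next((e for e in entries if e.lower() == part.lower()), None)
        if match is None:
            return None
        current = os.path.join(current, match)
    return current

def scan_system_dir(system_dir):
    """Return one finding per listed artifact that exists as a regular file."""
    findings = []
    for rel, role in ZBOT_ARTIFACTS.items():
        path = resolve_nocase(system_dir, rel)
        if path and os.path.isfile(path):
            findings.append({"artifact": rel, "role": role, "path": path,
                             "size": os.path.getsize(path)})
    return findings

def make_constructed_tree(root):
    """Constructed sample: empty placeholder files with mixed-case names."""
    os.makedirs(os.path.join(root, "LowSec"))
    for name in ("SDRA64.EXE", os.path.join("LowSec", "local.ds")):
        open(os.path.join(root, name), "w").close()

if __name__ == "__main__":
    if len(sys.argv) > 1:           # e.g. the System32 folder of a mounted image
        target = sys.argv[1]
    else:                           # no argument: demo on the constructed tree
        target = tempfile.mkdtemp()
        make_constructed_tree(target)
    for f in scan_system_dir(target):
        print(f"{f['artifact']} ({f['role']}): {f['path']}, {f['size']} bytes")
```

Any hit is a reason to isolate the machine and treat credentials typed into its browser as exposed, since the post describes user.ds as the store for stolen data.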

Quick Heal detects this malware as “Win32.Trojan-Spy.Zbot.gen.3”.

Anand Yadav
