People have started getting the following email claiming that “Facebook Copyrights Department” has detected unusual Copyrights activity linked to your Facebook account , please follow the link bellow to fill the Copyright Law form.
When we click on this URL “https://www.facebook.com/application_form”,
it redirects to below URL and the “bot.exe” malicious binary gets downloaded.
After installation of this file it drop a copy of itself,
It also create the following files once it is active,
%system%/lowsec/local.ds – configuration file
%system%/lowsec/lowsec/user.ds – stolen data
It may steal the user’s account information as they are entered in the browser.
The stolen information is then stored in its dropped file %system%/lowsec/lowsec/user.ds.
Quick Heal detects this malware as “Win32.Trojan-Spy.Zbot.gen.3”.