{"id":72682,"date":"2011-02-10T05:54:48","date_gmt":"2011-02-10T05:54:48","guid":{"rendered":"https:\/\/localhost\/wordpress\/?p=72682"},"modified":"2011-02-10T05:54:48","modified_gmt":"2011-02-10T05:54:48","slug":"facebook-notification-emails-spreads-malware","status":"publish","type":"post","link":"https:\/\/www.quickheal.com\/blogs\/facebook-notification-emails-spreads-malware\/","title":{"rendered":"Facebook notification emails spread malware"},"content":{"rendered":"<p>People have started getting the following email claiming that \u201cFacebook Copyrights Department\u201d has detected unusual Copyrights activity linked to your Facebook account, please follow the link below to fill in the Copyright Law form.<br \/>\nhttps:\/\/www.facebook.com\/application_form<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/archive\/21.JPG\" alt=\"\" width=\"606\" height=\"449\" \/><\/p>\n<p>When we click on this URL &#8220;https:\/\/www.facebook.com\/application_form&#8221;,<br \/>\nit redirects to the URL below and the malicious &#8220;bot.exe&#8221; binary gets downloaded.<\/p>\n<p>https:\/\/bon[xxxxx]elersport.nl\/facebook\/bot.exe<\/p>\n<p>After this file is installed, it drops a copy of itself:<\/p>\n<p>%system%sdra64.exe<\/p>\n<p>It also creates the following files once it is active:<\/p>\n<p>%system%\/lowsec\/local.ds &#8211; configuration file<br \/>\n%system%\/lowsec\/lowsec\/user.ds &#8211; stolen data<\/p>\n<p>It may steal the user&#8217;s account information as it is entered in the browser.<br \/>\nThe stolen information is then stored in its dropped file %system%\/lowsec\/lowsec\/user.ds.<\/p>\n<p>Quick Heal detects this malware as &#8220;Win32.Trojan-Spy.Zbot.gen.3&#8221;.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>People have started getting the following email claiming that \u201cFacebook Copyrights Department\u201d has detected unusual Copyrights activity linked to your Facebook account,
please follow the link below to fill in the Copyright Law form. https:\/\/www.facebook.com\/application_form When we click on this URL &#8220;https:\/\/www.facebook.com\/application_form&#8221;, it redirects to the URL below and the malicious &#8220;bot.exe&#8221; binary gets downloaded. https:\/\/bon[xxxxx]elersport.nl\/facebook\/bot.exe [&hellip;]<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-72682","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/72682"}],"collection":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/comments?post=72682"}],"version-history":[{"count":0,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/72682\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media?parent=72682"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/categories?post=72682"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/tags?post=72682"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}