"Your account info has been changed" - Fake Facebook notification delivers keylogger

A spam mail that poses as a notification from Facebook and claims recipient's account information has been changed , leads to malware attack.

The spam mail with subject "Your account information has been changed" hides the content and ask users to install the Microsoft Silverlight in order to view the content. If you take your mouse over the image link, it points to a .PIF(Windows executable file) file hosted in Malaysian IP address. BarracudaLabs identified this trojan as Trojan.Win32.Jorik.

Clicking on the Silverlight graphic does warn you that you’re about to run a program. This is why the Microsoft graphic is a clever addition to the ruse – you think you should be running a Microsoft program, and it’s doing exactly what you expect.

Once you click the Run button, the Trojan will take care of your system and send your keystorkes to it's master.