Websense: Don’t use that new Facebook Toolbar, I mean backdoor!
May 2010 by Websense
Today our email honeypots found a new message that purported to be from Facebook, advertising a new toolbar. The From line was spoofed to look as though the message had actually been sent by the Facebook team. The message contains no specific recipient name, so it is addressed very generically. When a recipient uses the link in the message to download and run the toolbar.exe file (SHA1 51bcf2fc766e7e59f9b8face45b18843a36f37a5), they are installing a backdoor, which has decent detection coverage as a Zapchast IRC backdoor threat.
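A mail-triage check for the traits described above (sender that does not match the envelope, no recipient name in the body, a link to an .exe, and the published SHA1), as an added example that is not Websense's own code. The sample message, its addresses, hosts and URL, and the function names are constructed for illustration.

```python
import email
import hashlib
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# SHA1 of toolbar.exe as given in the post.
TOOLBAR_SHA1 = "51bcf2fc766e7e59f9b8face45b18843a36f37a5"

# Constructed sample; every address, host and URL is a placeholder.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
From: Facebook Team <team@facebook.com>
To: j.doe@example.com
Subject: New Facebook Toolbar

Dear Facebook user,
Get the new toolbar: http://downloads.example.org/toolbar.exe
"""

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def _addr(header_value):
    """Return (display name, local part, domain), lower-cased."""
    name, addr = parseaddr(str(header_value or ""))
    local, _, dom = addr.rpartition("@")
    return name.lower(), local.lower(), dom.lower()

def triage(raw):
    """Flag the three traits the post describes in one raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain", "html"))
    text = part.get_content().lower() if part else ""
    to_name, to_local, _ = _addr(msg["To"])
    names = [n for n in (to_name, to_local) if n]
    return {
        # Heuristic only: legitimate bulk mail can differ here too.
        "from_envelope_mismatch": _addr(msg["From"])[2] != _addr(msg["Return-Path"])[2],
        "generic_addressing": not any(n in text for n in names),
        "exe_links": [u for u in URL_RE.findall(text)
                      if urlparse(u).path.endswith(".exe")],
    }

def is_known_toolbar(data):
    """True if the downloaded bytes hash to the SHA1 from the post."""
    return hashlib.sha1(data).hexdigest() == TOOLBAR_SHA1
```

The hash match only catches this exact file; the header and link checks are what carry over to repacked variants of the same lure.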
Screenshot of the malicious Facebook Toolbar email: