Scammers never give up, even though Facebook has blocked various sorts of phishing scams. The more serious one appears to be the fake email with the malicious “updatetool.exe” attachment, as reported by Webroot, an established security expert on the Web.

This fake email pretends to be from the Facebook administrators. If the victim chooses to go further, he or she will end up at a spoof Facebook login page that prompts the user to reveal his or her Facebook password as well as download the file attachment. The message in the fake email itself claims that the user’s Facebook profile password was reset and that, in order to retrieve the password, the user needs to download and open the attachment. In fact, the file attachment, i.e. “updatetool.exe”, is actually the Zeus trojan, a trojan from the Bredolab family.

If you come across a similar email in your inbox, delete it straight away. Never fill in secret information on suspicious sites, i.e. any site other than the Facebook homepage at https://www.facebook.com, and avoid downloading the file attachment shown below.
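
For mail administrators, the two warning signs described above (an executable attachment and a login link that does not point at the real Facebook host) can be checked automatically. The following is an added example, not code from Webroot or Facebook; the sample message, its sender address, subject and link are constructed placeholders, and the extension list is an assumption.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Assumption: extensions treated as executable; extend to match local policy.
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat")
# The only host the article says should receive a Facebook password.
TRUSTED_HOST = "www.facebook.com"

# Constructed sample message (not a real capture); sender and link are placeholders.
SAMPLE = """\
From: "Facebook Administration" <support@facebook-notify.example>
To: user@example.org
Subject: Facebook Password Reset Confirmation
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

Your password was reset. Open the attachment to retrieve it, or log in at
http://www.facebook.com.login.example/reset

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="updatetool.exe"
Content-Transfer-Encoding: base64

cGxhY2Vob2xkZXI=
--b1--
"""

def inspect_message(raw):
    """Return (executable attachment names, links not pointing at TRUSTED_HOST)."""
    msg = message_from_string(raw)
    attachments, bad_links = [], []
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(EXECUTABLE_EXTENSIONS):
            attachments.append(name)
        elif part.get_content_type() == "text/plain":
            body = part.get_payload(decode=True).decode("ascii", "replace")
            for url in re.findall(r"https?://[^\s<>]+", body):
                parsed = urlparse(url)
                # Exact host match over HTTPS: look-alike hosts that merely
                # begin with "www.facebook.com" are flagged.
                if parsed.scheme != "https" or parsed.hostname != TRUSTED_HOST:
                    bad_links.append(url)
    return attachments, bad_links
```

A message that returns a non-empty list for either value is a candidate for quarantine rather than delivery.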