The toolbar is forged, but is well crafted. The mails appear to have come from Facebook and use the site's template also. The subject of the mail is "Hello dear friend!" and the message is signed by "The Facebook Team".

It reads: "Hi dear Friend. Now you can download the Facebook toolbar. Now it will be easier than ever to share and connect with your friends. Thanks". The message comes with a big green button which says "Download Here", which on clicking, takes to a site serving a file calledfb.exe for download.

As per Trend Micro, this file is actually a variant of the Zapchast IRC backdoor.

Security expert state that Backdoor.IRC.Zapchast installs IRC scripts and configuration files that enable the infected system to be used as a zombie. The infected machine connects to some IRC channels mentioned in the configuration files and is controlled by the hacker. Also, some Zapchast variants come infected a computer virus called Parite.B.

Cristina Buenviaje, Anti-Spam Research Engineer at Trend Micro said that, lately, Facebook brought in some changes to the profile pages of its users which make it easier for users to display their latest activities and to know about their friends. Also, it is not a matter of concurrence that soon after this change, they started getting fake mails from Facebook, as per the news by blog.trendmicro.com on December 9, 2010.

The security experts claim that it has become an expected pattern. Everytime Facebook initiates some changes; the attackers launch mail campaigns that misuse the change and lure users into installing malware.

Facebook has attempted in the past to increase the security level, but as per from BitDefender, an Internet Security Firm, is filled with Trojan horses, keyloggers and other kinds of malware. The viruses could be found in harmful links and other third-part applications.