Trojan disguised as a toolbar for Facebook

A Facebook toolbar is just what you need to make your sharing and connecting with friends easier, says an email supposedly coming from “Facebook.com”.

If you decide to click on the download link, the downloaded file (“toolbar.exe”) will present itself with an icon of a black ball with “darkSector” written on it. That should be enough to raise suspicion, and a look at the file properties should be in order.

Sure enough, the properties reveal a positive jumble of information that has no connection whatsoever to Facebook (HijackThis is a well-known piece of security software from Trend Micro).

But, even if you wanted to download HijackThis, this isn’t it. Symantec detects the file as a dropper Trojan, and recommends that everyone take this simple little step to check every file that looks suspicious for any reason and whose provenance you doubt – oftentimes, the attackers won’t even bother to properly disguise the file they are sending, or will do it badly.
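One way to script the property check recommended above on Windows, as an added PowerShell example that is not part of the original article or of Symantec's guidance. The function name `Test-FileProvenance` and its parameters are hypothetical, and it also reads the Authenticode signature, which goes one step beyond the properties the article looks at.

```powershell
function Test-FileProvenance {
    param(
        [Parameter(Mandatory)] [string] $Path,            # file to inspect; it is never executed
        [Parameter(Mandatory)] [string] $ExpectedVendor   # name the sender claims, e.g. 'Facebook'
    )
    $item = Get-Item -LiteralPath $Path -ErrorAction Stop
    $vi   = $item.VersionInfo                             # same data as Properties > Details
    $sig  = Get-AuthenticodeSignature -FilePath $item.FullName

    # Version-resource fields are free text chosen by whoever built the file, so a
    # match proves nothing; a mismatch or an empty field is the useful signal.
    $fields = [ordered]@{
        CompanyName      = $vi.CompanyName
        ProductName      = $vi.ProductName
        FileDescription  = $vi.FileDescription
        OriginalFilename = $vi.OriginalFilename
    }
    $findings = @()
    foreach ($name in $fields.Keys) {
        $value = $fields[$name]
        if ([string]::IsNullOrWhiteSpace($value)) {
            $findings += "$name is empty"
        } elseif (($name -in 'CompanyName','ProductName') -and ($value -notlike "*$ExpectedVendor*")) {
            $findings += "$name is '$value', not $ExpectedVendor"
        }
    }
    if ($vi.OriginalFilename -and ($vi.OriginalFilename -ne $item.Name)) {
        $findings += "built as '$($vi.OriginalFilename)' but delivered as '$($item.Name)'"
    }

    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    if ($sig.Status -ne 'Valid') {
        $findings += "Authenticode status is $($sig.Status)"
    } elseif ($signer -notlike "*$ExpectedVendor*") {
        $findings += "signed by '$signer', not $ExpectedVendor"
    }

    [pscustomobject]@{
        File       = $item.FullName
        SHA256     = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
        Properties = $fields
        Signer     = $signer
        Findings   = $findings
        Suspicious = $findings.Count -gt 0
    }
}

# Usage with the file name from the article (the path is an assumption):
# Test-FileProvenance -Path .\toolbar.exe -ExpectedVendor 'Facebook' | Format-List
```

A clean result only means the metadata is consistent with the claimed vendor; the SHA256 value is included so the file can still be looked up with an antivirus or reputation service.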
