For those who opt for the first option and enter their Facebook login credentials the news is bad: their username and password have been sent to the phishers, and will likely be used to hijack the victims' accounts.
For those who chose the latter option, the news could be even worse. The file (WhoViewedMyfacebookProfile.rar) offered for download contains an information-stealing Trojan, which can potentially gather all kinds of confidential information from the victim's computer - including personal, financial and login information for different online services - and is configured to send it to the attacker's email address.
But, as the researchers noted, that email address has not been valid for three months, so the stolen information is sent off and simply lost. Nevertheless, the malware could be updated at any moment and the email address in question changed to a valid one, so an infected machine should still be treated as compromised.
"If users fell victim to the phishing site by entering their login credentials, the phishers would have successfully stolen their information for identity theft purposes," note the researchers. The phished credentials are, then, obviously sent to servers controlled by the attackers, and not to the aforementioned email address.
But whether this phishing scam is still active or not is beside the point, because similar ones pop up daily. The thing to remember is to be careful about where you enter your account credentials (always check that the URL is the right one, and don't follow links from unsolicited emails) and about what software you download (don't accept software you haven't asked for, and be careful when searching for software online - stick to established download sites).
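"Check that the URL is the right one" is easier said than done, because phishing links are built to look right at a glance. The script below is an added example (it is not from the original article or from the researchers it cites) showing how to judge a login link the way a browser resolves it rather than the way it reads: it parses the URL, strips the `user:pass@` decoy prefix, refuses plain HTTP, and only accepts an exact match against an allow-list of login hosts, reporting why everything else was rejected. The allow-list contents and all sample links other than the facebook.com domain named in the article are constructed for illustration.

```python
from typing import Optional
from urllib.parse import urlsplit

# Hosts that may legitimately serve the login form. facebook.com is the site
# the article discusses; the exact set is an assumption that a real deployment
# would maintain itself.
TRUSTED_LOGIN_HOSTS = {"facebook.com", "www.facebook.com", "m.facebook.com"}


def effective_host(url: str) -> Optional[str]:
    """Return the lowercase host a browser would actually connect to, or None.

    urlsplit() drops the path, query, port and any user:pass@ prefix, so what
    is left is the real network location, not the part designed to be read.
    """
    try:
        host = urlsplit(url.strip()).hostname  # already lowercased
    except ValueError:  # e.g. an unbalanced IPv6 literal
        return None
    if not host:
        return None
    # "facebook.com." (trailing dot) names the same host; normalise it away.
    return host.rstrip(".")


def classify_login_url(url: str, trusted_hosts=TRUSTED_LOGIN_HOSTS) -> str:
    """Return "ok" if the link is safe to enter credentials into, else a reason.

    Matching is exact rather than "contains": "facebook.com.attacker.example"
    and "free-facebook-profile-viewer.example" both contain the brand name but
    are entirely different registrable domains.
    """
    host = effective_host(url)
    if host is None:
        return "no-host"
    parts = urlsplit(url.strip())
    if parts.scheme.lower() != "https":
        return "not-https"
    # https://facebook.com@attacker.example/ : the text before '@' is userinfo
    # that the browser ignores, a classic lure.
    if parts.username is not None:
        return "userinfo-lure"
    # Internationalised labels (xn--...) can render as lookalike glyphs.
    if any(label.startswith("xn--") for label in host.split(".")):
        return "punycode-host"
    if host in trusted_hosts:
        return "ok"
    # The trusted name used as a subdomain of someone else's domain.
    if any(host.startswith(t + ".") for t in trusted_hosts):
        return "brand-as-subdomain"
    if "facebook" in host:
        return "brand-in-host"
    return "untrusted-host"


if __name__ == "__main__":
    # Constructed sample links; only facebook.com is a domain the article names.
    samples = [
        "https://www.facebook.com/login.php",
        "http://www.facebook.com/",
        "https://facebook.com@attacker.example/login",
        "https://facebook.com.attacker.example/",
        "https://free-facebook-profile-viewer.example/",
        "https://xn--fcebook-abc.example/",
    ]
    for link in samples:
        print(f"{classify_login_url(link):20} {link}")
```

The same logic applies to any brand: replace the allow-list and the brand substring. Note that the check deliberately treats a trusted host over plain HTTP as a rejection, since a login form that is not served over TLS can be rewritten in transit regardless of the domain.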