Recently a lot of users were spammed with a fake Facebook notification about a change in users' account information. - Warns BarracudaLabs researchers.

This message may seem real, because the email address shows that it's from Facebook, but it's a spoofed address. However, the message itself shows only an image that the recipient needs to install Silverlight. This image is linked to a Malaysian IP address with a hosted Windows PIF file (executable file format). If you will install it to your PC you will activate a key logger Jorik Trojan, which will record every keystroke to a file in your disk, which will eventually be sent to C&C server, where cyber criminals will analyze it's data and probably will steal your private information.

This scheme just shows how users can be fooled by links to additional software, which is needed to view content. Usual windows warning about potentially harmful software is in place, but unfortunately user ignores it, because he thinks that he's installing just a plug-in for his browser.