The email messages that are sent out claim to be from Facebook and state: “We are sending you this email to inform you that we have received an account cancellation request from you.” However, Facebook never sends such account cancellation confirmation messages via email. Users who want to cancel their Facebook account can do so by visiting facebook.com/deactivate.php to deactivate their account; they may later delete it after a cool-down period has passed.
The malware preys on the fact that many users value their Facebook account highly and do not want it to be deleted. If they follow the link, they are prompted to install a Java applet. If they choose not to do so, the application keeps nagging until the user agrees to the applet being installed. Next, the user sees a message saying that they need to update Flash Player; this actually installs a trojan on the system, which allows the hackers to take over the machine and integrate it into a botnet. According to Sophos, the most commonly installed trojans are SpyEye-B and Agent-WHZ.
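A mail-triage check for the lure described above, as an added example that is not from the article or from Sophos. The names `triage`, `host_is_trusted` and `TRUSTED`, the sample messages and the `.example` hosts are constructed for illustration, and it assumes the link in the lure leads off facebook.com, which the article implies but does not state.

```python
import email
import re
from email import policy
from urllib.parse import urlsplit

# Lure wording quoted in the article; whitespace may wrap across lines.
LURE = re.compile(r"received\s+an\s+account\s+cancellation\s+request", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)
TRUSTED = ("facebook.com",)  # assumption: the only domain treated as genuine

def host_is_trusted(url):
    """True only for a trusted domain or a real subdomain of it."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed authority: treat as untrusted
        return False
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def triage(raw):
    """Return (verdict, off_domain_links) for one raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    text = "\n".join(p.get_content() for p in msg.walk()
                     if p.get_content_type() in ("text/plain", "text/html"))
    off_domain = [u for u in URL.findall(text) if not host_is_trusted(u)]
    if LURE.search(text):
        return ("block", off_domain)   # Facebook never emails this notice
    if "facebook" in str(msg.get("From", "")).lower() and off_domain:
        return ("review", off_domain)  # brand claimed, links lead elsewhere
    return ("pass", off_domain)

# Constructed sample messages (not real captures); .example hosts are placeholders.
SAMPLE_LURE = (
    "From: Facebook <notify@mail.example>\nSubject: Account cancellation\n\n"
    "We are sending you this email to inform you that we have received an\n"
    "account cancellation request from you. To cancel the request visit\n"
    "http://facebook.com.cancel-request.example/confirm\n")
SAMPLE_REVIEW = (
    "From: Facebook Security <a@mail.example>\n\n"
    "Details: http://facebook.com@files.example/update\n")
SAMPLE_OK = (
    "From: Facebook <notify@mail.example>\n\n"
    "Deactivate at https://www.facebook.com/deactivate.php\n")

if __name__ == "__main__":
    for name in ("SAMPLE_LURE", "SAMPLE_REVIEW", "SAMPLE_OK"):
        print(name, triage(globals()[name]))
```

The suffix comparison in `host_is_trusted` is what rejects hosts that merely begin with `facebook.com` or place it in the userinfo part of the URL.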