Troj/Agent-WHZ

Troj/Agent-WHZ is a Trojan that is a part of a spam Facebook attack connected with Facebook account cancellation. The deceptive email that delivers Troj/Agent-WHZ asks the affected computer user to confirm account cancellation by clicking on the given web-link. However, the web-link doesn't direct a computer user to an official Facebook web page, but a third-party application running on the Facebook platform, which means that the web-link goes to a facebook.com address, and thus, can mislead unaware web users. If a PC user clicks on the web-link, a message asking if he/she wants to allow an unknown Java application to run on the machine, will be displayed. If a computer user hits the 'No thanks' button, an irritating message will be repeatedly shown on the screen. If a user enables the program to run, he/she will see a message telling that Adobe Flash must be updated. The downloaded code detected as Troj/Agent-WHZ is, of course, not Adobe Flash update at all. Instead, the software program distributes other infected files into a /WIN32 folder, which have the aim of enabling remote cybercriminals to spy on the victim's online activities and gain access and control over the compromised PC system.