Subject: Facebook Password Reset Confirmation.
From: "The Facebook Team" <firstname.lastname@example.org>
Hey fortunes ,
Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.
Thanks, The Facebook Team
The Trojan is widely detected as a version of Bredolab. ThreatExpert report is here.
Remember, if you can block EXE-in-ZIP files at your mail gateway, it is well worth doing.