How does this threat get into users' systems?

Users receive spammed messages supposedly from Facebook that urged them to download the .ZIP file attachment to get their new passwords.

How does this threat affect users?

Instead of getting their new passwords, however, users ended up with TROJ_BREDLAB.SMF infections. This dropped two other malware—TROJ_GLECIA.Q and TROJ_GLECIA.O. It also connected to a malicious site to download a rogue antivirus application dubbed TROJ_FAKEAV.BLV.

How does this threat make money for its perpetrators?

Users who are tricked into buying the rogue antivirus application end up paying for useless software. Cybercriminals, on the other hand, turn a profit from selling the bogus application to unwitting users.

What is the driving force behind this threat?

As with other FAKEAV variants, the perpetrators behind this attack are driven by the thought of making easy money from unknowing users.