According to Dave Marcus, Director of Security Research and Communication at McAfee, the messages are targeting 400 million Facebook users, and were detected by customers using their security software.
Marcus said the spam run contained a variety of malware programs, including password stealers, rogue antivirus programs or botnet code.
He also went on to say that no Web site would automatically reset someone's password and send the new one in an e-mail. Facebook's high number of users makes it a prime target for spammers and hackers.
The messages say that the user's Facebook password has been reset and the user should download an attachment that contains the new password. The English-language messages are grammatically correct, but contain an odd sign-off: "Thanks, Your Facebook." McAfee has included a screenshot of the message on their blog.