A new campaign of attacks has recently been launched by cyber scammers trying to expand the network Asprox infected computers, relying on spoofing emails that lead to malicious sites, also known as phishing email.
Scammers use a signal supposedly from Facebook to lure the recipient that their password has changed for the social networking site.
To make this communication more believable, cybercriminals include in the email, original graphics from the Facebook, and even a brief report on suspicious activity that triggered the code change mechanism.
The report, signed by The Facebook Security Team, claims that an unidentified person used the Browser Opera from an Android device to access Facebook without the permission of the account holder. There is also a false IP address and an estimate of the geographic location from which this attempt is supposed to happen.
Each geoIP search tool shows that the location in the email and address are not the same. On the other hand, these indications are unlikely to be immediately perceived by a normal user.
With this trap, the victim can change his password through a link that leads him to a form asking him to fill in his details to complete the process.
Instead, a file with an executable script is downloaded to the victim's computer. Asprox, also known as Kuluoz, was discovered in 2008 and is used by cyber scammers for a variety of activities.