A new campaign of attacks has recently been launched by cyber scammers trying to expand the network Asprox infected computers, relying on spoofing emails that lead to malicious sites, also known as phishing email.
Scammers use a signal supposedly from Facebook to lure the recipient that their password has changed for the social networking site.
To make this communication more believable, cybercriminals include electronic message, πρωτότυπα γραφικά από το Facebook, and even a brief report on the suspicious activity that triggered the change mechanism code.
The report, signed by "The Facebook Security Team", claims that an unidentified person used the Opera browser from an Android device to access Facebook without the account owner's permission. A fake IP is also provided address and an estimate of the geographic location from where this attempt was allegedly made.
Each geoIP search tool shows that the location in the email and address are not the same. On the other hand, these indications are unlikely to be immediately perceived by a normal user.
Με την παγίδα αυτή, το θύμα μπορεί να αλλάξει το κωδικό πρόσβασης το, μέσα από ένα link που τον οδηγεί σε μια φόρμα όπου του ζητείται να συμπληρώσει τα data to complete the process.
Αντί για αυτό όμως, ένα archive με ένα εκτελέσιμο script γίνεται download στον υπολογιστή του θύματος. Το Asprox, που το ξέρουμε επίσης και ως Kuluoz, ανακαλύφθηκε το 2008 και το χρησιμοποιούν οι απατεώνες του διαδικτύου για διάφορες δραστηριότητες τους.