A new campaign of attacks has recently been launched by cyber scammers trying to expand the network Asprox of infected computers, relying on electronic spoofing messages that lead to malicious sites, also known as phishing emails.
Fraudsters use as a lure a signal purporting to be from Facebook to inform the recipient that their password has been changed for the social networking site.
To make this communication more believable, cybercriminals include electronic message, original graphics from Facebook, and even a brief report on suspicious activity that triggered the code change mechanism.
The report, signed by The Facebook Security Team, claims that an unidentified person used the Browser Opera from an Android device to access Facebook without the permission of the account holder. There is also a false IP address and an estimate of the geographic location from which this attempt is supposed to happen.
Each geoIP search tool shows that the location in the email and address are not the same. On the other hand, these indications are unlikely to be immediately perceived by a normal user.
With this trap, the victim can change the password through a link that takes them to a form where they are asked to fill in the data to complete the process.
Instead, a file with an executable script is downloaded to the victim's computer. Asprox, also known as Kuluoz, was discovered in 2008 and is used by cyber scammers for a variety of activities.