A new campaign of attacks has recently been launched by cyber scammers trying to expand the network Asprox of infected computers, relying on electronic spoofing messages that lead to malicious sites, also known as phishing emails.
Scammers use a signal supposedly from Facebook to lure the recipient that their password has changed for the social networking site.
To make this communication more believable, cybercriminals include electronic message, original graphics from Facebook, and even a brief report on the suspicious activity that triggered the mechanism changeof code.
The report, signed by “The Facebook Security Team”, claims that an unidentified person used the Opera browser from an Android device, to access on Facebook without the permission of the account holder. A fake IP address and an estimate of the geographic location from where this attempt is supposed to be made are also provided.
Every tool searchs geoIP, indicates that the location in the email and the address are not the same. On the other hand, these indications are not likely to be noticed immediately by a normal user.
With this trap, the victim can change his password through a link that leads him to a form asking him to fill in his details to complete the process.
Instead, a file with an executable script is downloaded to the victim's computer. Asprox, also known as Kuluoz, was discovered in 2008 and is used by cyber scammers for a variety of activities.