A new malicious campaign appeared at Facebook. Its goal is to trick as many users as possible into clicking on a link that is supposed to contain news. Criminals after the first click use multiple redirects to websites που σερβίρουν το Nuclear pack exploit kit.
It seems that scammers are becoming more and more sophisticated on attacks them, making the scam as profitable as possible. This time they thought that with a single click they don't earn much, so they started directing their victims to more URLs.
Symantec security researchers report that the trap is an article that is supposed to reveal how a woman is killing 8.000 dollars a month without having to leave her home.
Users interested in discovering more details click on the link and end up on another one σελίδα which starts running redirects to various malicious sites.
In some cases, some of these websites serve the Nuclear Pack exploit kit, which is known to leverage vulnerabilities in older versions of Java, Adobe Acrobat, and Adobe Reader.
However, in this example, the researchers report that the exploits used try to exploit disfunctions security vulnerabilities in Microsoft Internet Explorer (CVE-2013-2551) and Java (CVE-2012-1723).
“After successfully exploiting a vulnerability, the Nuclear Pack exploit kit injects Trojan.Ascesso.A. Trojan.Ascesso.A is known for Mission spam emails και τη λήψη άλλων files from a remote location,” says Symantec's Ankit Singh.
Telemetry from Symantec's systems shows that the areas most affected are North America and Europe.
A similar strategy based on multiple redirects on malicious pages created specifically to secure money cheaters in one way or another has recently appeared on Facebook with a publication supposed to contain news and videos from the MH17 flight.