A new malicious campaign appeared at Facebook. Its goal is to get as many users as possible to click on a link that is supposed to contain news. Criminals after the first click use multiple redirects on websites that serve the Nuclear Pack exploit kit.
It seems that fraudsters are becoming more and more sophisticated in their attacks, making fraud as profitable as possible. This time they thought they did not earn much with just one click, so they started directing their victims to more URLs.
Researchers security of Symantec say the trap is an article purporting to reveal how a woman makes $8.000 a month without ever leaving her home.
Users interested in discovering more details click on the link and end up on another one σελίδα which starts running redirects to various malicious sites.
In some cases, some of these sites serve the Nuclear Pack exploit kit, which is known for leveraging leak points in earlier versions of Java, Adobe Acrobat and Adobe Reader.
However, in this example, the researchers report that the exploits used attempt to exploit security flaws in Internet Explorer της Microsoft (CVE-2013-2551) και της Java (CVE-2012-1723).
“After successfully exploiting a vulnerability, the Nuclear Pack exploit kit injects the Trojan.Ascesso.A. Trojan.Ascesso.A is known for sending spam emails and downloading other files from a remote location,” says Symantec's Ankit Singh.
Telemetry from Symantec's systems shows that the areas most affected are North America and Europe.
A similar strategy based on multiple redirects on malicious pages created specifically to secure money cheaters in one way or another has recently appeared on Facebook with a publication supposed to contain news and videos from the MH17 flight.