Asprox Botnet Distributing Spam Mails Promising Gift Card at Zero Cost
According to a warning by security researchers, the notorious botnet Asprox is being used for distributing spam mails that pledge recipients can access one gift card without paying anything, published softpedia.com dated October 16, 2014. The spam mail claims that the recipient has been sent one $20 worth Card eGift of Starbucks from AT&T which he can access by clicking the web-link labeled "Print Your Gift" and then take its print out for use.
Apparently, the non-chargeable Starbucks Card can be utilized for making purchases from any Starbucks shop. There's also certain 'Card Security Code' inside the e-mail. But, AT&T hasn't sent the e-mail while there's no Starbucks Card for free for the e-mail recipient. Indeed, rather than produce the claimed card, the web-link takes onto one hijacked site having malware.
This malware hunts for Windows and Internet Explorer on the victim's machine and incase they're found, it would download one zipped file. The zipped archive has one .exe file, which incase opened, would load more malware for subsuming the PC into the Asprox network-of-infected-computers. Once the PC is added to the Asprox network, the network-operators likely will load still more malware onto the PC with which the user's passwords can be grabbed. Besides, the PC can be utilized for distributing malware, and executing spam or scam runs.
The malicious Asprox network dispatches spam messages utilizing various kinds of socially-engineered entices like postal-themed, booking confirmation and other lures for taking hold over systems that would be joined to the botnet and the latter expanded in size. And though the cyber-crooks may've enhanced their botnet's framework by simple tweaking, their socially-engineered entices don't appear too different from the ones employed some five years back.
Moreover, judging by the total aggregate of users getting victimized with the spam mails the botnet dispatched, it's clear that these traditional tactics continue to be extremely effective even today.Therefore, incase anyone has got the aforementioned malware-laced e-mail he must avoid viewing its attachment or clicking its web-link; nevertheless, suppose he has already done either of the things then he should immediately execute an anti-virus scan on his computer, the specialists advise.