Cybercriminals are sending out such emails because they know a lot of people are traveling

Dec 19, 2013 08:28 GMT  ·  By

In case you come across a suspicious email in your inbox purporting to come from an airline company, act with caution. The messages might be part of a cybercriminal campaign.

According to Trend Micro, the notifications appear to come from companies such as American Airlines, US Airways, Delta Airlines or British Airways. They usually inform recipients that an electronic ticket has been purchased on their behalf.

The file that’s attached to the emails is not an e-ticket, but a variant of the Kuluoz malware. This particular threat is designed to download and execute other pieces of malware, such as ZeroAccess or fake antiviruses.

The spam messages are distributed with the aid of the Cutwail botnet. Experts believe that the cybercriminals might have started relying exclusively on fake airline emails because they know that a lot of people are traveling during this period.

Interestingly, the latest versions of Kuluoz come with a new feature. Once it infects a computer, the malware starts collecting system information, including on the antivirus solutions installed on the device.