A new version of the Zortob malware infects the computers of victims

Nov 8, 2012 20:51 GMT

Experts have come across an interesting fake American Airlines email. The notification is designed to spread a new variant of the Trojan.Downloader.Zortob (ESET) malware.

According to MX Lab experts who have analyzed these emails, the message, which informs the recipient that a ticket has been purchased using their credit card, consists of a single image that serves as the email's body.

When the image is clicked, victims are taken to a compromised website that has been set up to host a malicious HTML file. This file contains JavaScript that triggers the download of a ZIP file that hides the payload.
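The message shape described above (an HTML body that is nothing but one clickable image) can be flagged on the mail gateway side. The following is an added example, not code from MX Lab or from this article; the sample message, the `example` domains and the 20-character text threshold are constructed assumptions.

```python
from email import message_from_string
from html.parser import HTMLParser

# Constructed sample message (not a real capture); all domains are placeholders.
SAMPLE_EML = """\
From: "Airline Notifications" <tickets@example.com>
Subject: Your ticket order
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><a href="http://compromised.example/ticket.html"><img src="http://compromised.example/body.png"></a></body></html>
"""

class BodyShape(HTMLParser):
    """Records visible text length and the link target of every <img> inside an <a>."""
    def __init__(self):
        super().__init__()
        self.text_chars = 0
        self.hrefs = []            # stack of currently open <a href=...> targets
        self.linked_images = []    # href of each link that wraps an image

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self.hrefs.append(attrs.get("href"))
        elif tag == "img" and self.hrefs and self.hrefs[-1]:
            self.linked_images.append(self.hrefs[-1])

    def handle_endtag(self, tag):
        if tag == "a" and self.hrefs:
            self.hrefs.pop()

    def handle_data(self, data):
        self.text_chars += len(data.strip())

def image_only_findings(raw_eml, max_text_chars=20):
    """Return link targets of HTML parts that are a linked image with almost no text."""
    findings = []
    for part in message_from_string(raw_eml).walk():
        if part.get_content_type() != "text/html":
            continue
        charset = part.get_content_charset() or "utf-8"
        html = part.get_payload(decode=True).decode(charset, "replace")
        shape = BodyShape()
        shape.feed(html)
        if shape.linked_images and shape.text_chars <= max_text_chars:
            findings.extend(shape.linked_images)
    return findings
```

Legitimate marketing mail can also be image-heavy, so a hit is a signal to score or quarantine for review rather than a verdict on its own.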

Currently, only 13 antivirus engines identify the file as being malicious or suspicious. In the meantime, while other companies update their products to detect the threat, users are advised to be extra careful if presented with such notifications.