The malicious elements are pushed with the aid of the BlackHole exploit kit
Cybercriminals have often leveraged emails purporting to come from airline companies to distribute malware. In the latest spam run, the crooks rely on bogus US Airways online registration confirmation emails to trick users into clicking on malicious links.“You have to check in from 24 hours and up to 60 minutes before your flight (2 hours if you’re flying abroad). After that, all you have to do is print your boarding pass and proceed to the gate,” the cleverly designed emails read.
Webroot experts reveal that, in this case, the links point to websites that host the BlackHole exploit kit, which identifies vulnerabilities in the applications used by the victim and uses them to push malware.
The malware that’s dropped, Gen:Variant.Kazy.123875 (Bitdefender), is currently detected by 24 of the 46 antivirus engines from VirusTotal.
Interestingly, the email address associated with one of the malicious domains used in this campaign has been linked to other similar spam runs, including ones that relied on fake eBay and FDIC emails.