German Users Warned About Fake Trojan-Spreading Lufthansa Emails

The malicious flight confirmations have been making the rounds for around one month

By on January 22nd, 2013 18:41 GMT

Security experts warn German users to be on the lookout these days for bogus notifications apparently coming from the country’s largest airline, Lufthansa.

“If you cannot read this travel information, or can read it only in part, please open the attached PDF version. Please do not reply to this e-mail. Direct replies to the sender cannot be processed,” read the fake notifications, which are written in German.

The flight confirmations – which have been making the rounds for around one month – are well designed, but they have nothing to do with Lufthansa. Instead, they’re part of a spam campaign whose main goal is to spread a Trojan detected by Sophos solutions as Mal/EncPk-AFN.

To avoid raising any suspicion, the malware is hidden in an archive file called “Flugscheindetails.zip.” The archive contains a file named Flugsheindetails.PDF.exe.

When launched, this executable (disguised as a PDF document) installs malicious code and modifies registry keys, allowing cybercriminals to steal information and install other pieces of malware.
Bogus Lufthansa flight confirmations