April 4th, 2012, 07:00 GMT · By

“US Airways Online Check-In” Emails Serve ZeuS

Fake US Airlines email leads to ZeuS
Internet users are advised to be on the lookout for malicious emails that purport to come from US Airways, bearing information regarding an online ticket reservation.

Kaspersky Lab experts report that the phony notifications are well designed, even displaying a link to the company’s privacy policy.

However, behind the legitimate-looking “Online reservation details” link, the cybercrooks hid various malicious domains such as sulichat.hu, prakash.clanteam.com, or panvelkarrealtors.com.

If the link is clicked, the unsuspecting user is taken, after multiple redirects, to a site that hosts the infamous BlackHole exploit kit, which tries to leverage vulnerabilities in Java, Adobe Reader, or Flash Player to drop a downloader.

This downloader connects to a command and control server, from which it retrieves the information-stealing Trojan known as ZeuS.

An interesting observation made by Kaspersky researchers is that all the objects involved in the attack, including ZeuS, the domains, and the downloader, are periodically changed.

“During the short periods of time (a few hours over several days) that I was monitoring what files were being downloaded, I managed to detect 6 modifications of the downloader and 3 modifications of ZeuS,” Dmitry Tarakanov wrote.

Statistically speaking, 30% of these downloaders and ZeuS variants were seen targeting Russian users and 10% American users, with the rest split among Italy, Germany, India, France, Ukraine, Poland, Brazil, Malaysia, Spain, and China.

This is not the first time cybercriminals have relied on emails that impersonate airline companies to spread their malware. Many of our readers are still reporting being bombarded with emails that claim to originate from American Airlines.

However, to ensure the success of their campaigns, the fraudsters need to change not only the domains, the downloaders, the scripts and the malware itself, but also the spam emails. This is probably why we’ll never see them run out of original ideas.

Note. My Twitter account has been erroneously suspended. While this is sorted out, you can contact me via my author profile or follow me at @EduardKovacs1