New Flight Ticket Spam Distributes Zbot

[Peaches]

As always, users should remain vigilant and treat all emails attachments with suspicion, regardless of where they appear to be coming from. It's also highly recommended to run an up-to-date antivirus program at all times and preferably one with advanced layers of protection, such as those that can detect generic malicious behavior.

New Flight Ticket Spam Distributes Zbot

Malicious attachments masquerade as airline ticket invoices

The emails come with a subject of "Your Flight Ticket #####" (where # is a digit) and according to their forged "From" field, appear to be originating from Midwest Airlines. It is however possible that the names of other airlines are being similarly abused.

The message contained within follows a template that has been used by Zbot airline ticket spam before. It informs the recipient that their credit card has been charged with a certain amount for a flight ticket. They are then told that "Attached to this message is the purchase Invoice and the airplane ticket." Obviously that is not true and the attachment, in this case called Invoice_viewer.zip, contains a Zbot installer.

Zbot, also known as ZeuS is an information stealing trojan, commonly used by fraudsters to compromise the online banking accounts and credit card information of people worldwide. ZeuS is being sold on undergound forums as a crimeware toolkit, giving hackers who buy it the ability to build customized versions of the malware. Because of this there are hundreds of Zbot variants in the wild at any given time, which allows cyber criminals to stay ahead of antivirus detection.

Story - http://news.softpedi...ot-151267.shtml