New Flight Ticket Spam Distributes Zbot



As always, users should remain vigilant and treat all email attachments with suspicion, regardless of where they appear to be coming from. It's also highly recommended to run an up-to-date antivirus program at all times and preferably one with advanced layers of protection, such as those that can detect generic malicious behavior.

Malicious attachments masquerade as airline ticket invoices

The emails come with a subject of "Your Flight Ticket #####" (where # is a digit) and, according to their forged "From" field, appear to be originating from Midwest Airlines. It is, however, possible that the names of other airlines are being similarly abused.

The message contained within follows a template that has been used by Zbot airline ticket spam before. It informs the recipient that their credit card has been charged with a certain amount for a flight ticket. They are then told that "Attached to this message is the purchase Invoice and the airplane ticket." Obviously that is not true and the attachment, in this case called Invoice_viewer.zip, contains a Zbot installer.

Zbot, also known as ZeuS, is an information stealing trojan, commonly used by fraudsters to compromise the online banking accounts and credit card information of people worldwide. ZeuS is being sold on underground forums as a crimeware toolkit, giving hackers who buy it the ability to build customized versions of the malware. Because of this there are hundreds of Zbot variants in the wild at any given time, which allows cyber criminals to stay ahead of antivirus detection.

Story - http://news.softpedi...ot-151267.shtml
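
A mail-filter check for the indicators described in the story (subject template, body sentence, ZIP attachment), added here as an example and not part of the original post or article. The executable extensions, the sender and recipient addresses and the function names are assumptions; the sample message is constructed and its ZIP member holds harmless placeholder bytes.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

SUBJECT_RE = re.compile(r"^Your Flight Ticket \d+$")  # "#####" = digits, per the story
RISKY_EXT = (".exe", ".scr", ".pif", ".com")          # assumed installer extensions

def zip_executables(data):
    """Names of executable-looking members in a ZIP (empty list if not a ZIP)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(RISKY_EXT)]
    except zipfile.BadZipFile:
        return []

def score_message(raw):
    """Return which of the story's indicators a raw RFC 5322 message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if SUBJECT_RE.match((msg["Subject"] or "").strip()):
        hits.append("subject-template")
    body = msg.get_body(preferencelist=("plain",))
    if body and "purchase invoice and the airplane ticket" in body.get_content().lower():
        hits.append("body-template")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        # Look inside the archive: the attachment name alone proves nothing.
        if name.endswith(".zip") and zip_executables(part.get_content()):
            hits.append("zip-with-executable")
    return hits

def build_sample(subject, member_name):
    """Constructed test message with a ZIP attachment named as in the story."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"placeholder, not a real program")
    msg = EmailMessage()
    msg["From"] = "tickets@airline.example"   # constructed address
    msg["To"] = "user@example.org"            # constructed address
    msg["Subject"] = subject
    msg.set_content("Attached to this message is the purchase Invoice and the airplane ticket.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Invoice_viewer.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(score_message(build_sample("Your Flight Ticket 48213", "Invoice_viewer.exe")))
```

The "From" field is deliberately not scored, since the story notes it is forged and that other airline names may be abused in the same way.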
