I got a plane ticket from ZeuS!
At the moment, not a week goes by without another spam campaign; this week we proudly present the US Airways ticket scam. The malware behind this scam is the same as in the previous post: ZeuS, a.k.a. Zbot, detected by Emsisoft Anti-Malware as Trojan-Spy.Win32.Zbot.
The following email subjects are being used:
- US Airways online check-in.
- US Airways online check-in confirmation.
- US Airways reservation confirmation.
- Confirm your US airways online reservation.
You have to check in from 24 hours and up to 60 minutes before your flight (2 hours if you’re flying internationally). After the check-in, all you need to do is print your boarding pass and proceed to the gate.
Confirmation code: 772129
Check-in online: Online reservation details
Flight: 8507
Departure city and time: Washington, DC (DCA) 10:00PM
Depart date: 4/5/2012
Clicking on the malicious link will take you to this screen:
By analyzing the source of the page we can see that it tries to access four JavaScripts from another URL:
All of these JavaScripts contact the same BlackHole Exploit Kit server containing the following text only:
The purpose of this address is to load Java and Adobe exploits to infect the system. Emsisoft Anti-Malware detects this threat as Exploit.Java.Blacole and Exploit.JS.Pdfka.
Finally, once the system is exploited, more malicious executables are downloaded to continue stealing sensitive account information.
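The page-source check described above can be scripted for triage of a saved landing page. This is an added example, not code from the original post: the sample HTML, the `.example` host names and the `allowed_hosts` allowlist are constructed assumptions, and the page is parsed statically without fetching or executing anything.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample input: placeholder hosts under the reserved .example TLD.
PAGE_URL = "http://landing.example/checkin.html"
SAMPLE_HTML = """
<html><body>
<script type="text/javascript" src="http://site-a.example/js.js"></script>
<script src="//site-b.example/js.js"></script>
<SCRIPT SRC="http://site-c.example/js.js"></SCRIPT>
<script src="http://site-d.example:8080/js.js"></script>
<script src="/static/local.js"></script>
<script src="https://cdn.example/lib.js"></script>
</body></html>
"""

class ScriptCollector(HTMLParser):
    """Collects the src attribute of every <script> start tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names for us.
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())

def external_scripts(page_url, html, allowed_hosts=()):
    """Absolute URLs of scripts served from a host other than the page's
    own host and not in allowed_hosts (a hypothetical analyst allowlist)."""
    skip = {urlsplit(page_url).hostname, *allowed_hosts}
    collector = ScriptCollector()
    collector.feed(html)
    found = []
    for src in collector.sources:
        absolute = urljoin(page_url, src)  # resolves relative and //host forms
        parts = urlsplit(absolute)
        if parts.scheme in ("http", "https") and parts.hostname not in skip:
            found.append(absolute)
    return found

def hosts_to_review(page_url, html, allowed_hosts=()):
    """Unique off-site script hosts, sorted, for blocklist or proxy-log lookup."""
    urls = external_scripts(page_url, html, allowed_hosts)
    return sorted({urlsplit(u).hostname for u in urls})
```

The hosts it returns are leads to check against proxy or DNS logs, not a verdict, since legitimate pages also load third-party scripts.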
ZeuS is one of the best-known banking trojans and has spread very widely. We recommend keeping your security software and your Java and Adobe products updated.