Kaspersky Lab has discovered a spam campaign spreading Zeus-like malware through bogus emails purporting to come from US Airways.
The emails contain subject lines like "US Airways Online Check-in" and "US Airways reservation confirmation" and give instructions for checking in online. The emails include a confirmation code, flight number, departure time and city, and a link that supposedly redirects you to the airline's online check-in portal. Apart from the few of you who will click on any spam link, the potential pool of those who might be duped by this campaign is rather limited.
"Cybercriminals are nothing if not original. And even though this is not the first time they’ve used a flight-related trick, it’s the first time this particular kind of spam has been detected. If the recipients belong to a target audience, they are much more likely to click on a malicious link in an email. However, the majority of users who received these emails were not flying anywhere that day, which is why very few fell for the scam," wrote Kaspersky's Dmitry Tarakanov.
But the consequences are serious. The attack follows a Blackhole infection routine, Tarakanov explains. Once a victim clicks the poisoned URL, the malware exploits Java, Flash Player, or Adobe Reader to download an executable file and connects the victim's computer to a remote command-and-control (C&C) server. Once connected, the C&C delivers to the system a variant of Zeus called "GameOver", which, as the FBI noted back in January, steals banking usernames and passwords.
Webroot researcher Dancho Danchev said the attack probably came from the same gang responsible for spam from Verizon and LinkedIn. He expects more, similar attacks taking advantage of users of outdated software and browser plugins.