Friday, April 6, 2012

ZeuS/Zbot Trojan Spread Through Rogue US Airways Email

Kaspersky Lab has discovered a spam campaign spreading Zeus-like malware through a bogus email from US Airways.
The emails contain subject lines like "US Airways Online Check-in" and "US Airways reservation confirmation" and give instructions for checking in online. The emails include a confirmation code, flight number, departure time and city, and a link that supposedly redirects you to the airline's online check-in portal. Apart from the few of you who will click on any spam link, the potential pool of those who might be duped by this campaign is rather limited.
"Cybercriminals are nothing if not original. And even though this is not the first time they’ve used a flight-related trick, it’s the first time this particular kind of spam has been detected. If the recipients belong to a target audience, they are much more likely to click on a malicious link in an email. However, the majority of users who received these emails were not flying anywhere that day, which is why very few fell for the scam," wrote Kaspersky's Dmitry Tarakanov.
But the consequences are serious. The exploit follows a Blackhole infection routine, Tarakanov explains. Once a victim clicks the poisoned URL, the malware connects the victim's computer to a remote command and control (C&C) center by exploiting Java, Flash Player, or Adobe Reader to download an executable file. Once connected, the C&C delivers a variant of Zeus called "GameOver" to the system, which, as the FBI noted back in January, steals banking usernames and passwords.
Webroot researcher Dancho Danchev said the attack probably came from the same gang responsible for spam from Verizon and LinkedIn. He expects more, similar attacks taking advantage of users of outdated software and browser plugins.

Anonymous hacks Chinese websites

A screen shot of the hacked home page for Chengdu city's business district.

Messages by the international hacking group Anonymous went up on a number of Chinese government websites on Thursday to protest internet restrictions.
On a Twitter account established in late March, Anonymous China listed the websites it said it had hacked over the last several days. They included government bureaus in several Chinese cities, including in Chengdu, a provincial capital in southwest China.
Some of the sites were still blocked on Thursday, with English-language messages shown on how to circumvent government restrictions. In a message left on one of the hacked Chinese sites, a home page for Chengdu's business district, the hackers expressed anger with the Chinese government for restrictions placed on the internet.
"Dear Chinese government, you are not infallible, today websites are hacked, tomorrow it will be your vile regime that will fall," the message read. "So expect us because we do not forgive, never. What you are doing today to your Great People, tomorrow will be inflicted to you," one of the messages read.
Al Jazeera's Melissa Chan, reporting from Hong Kong, said that the attack was interesting because Anonymous had previously mostly stayed away from attacking Chinese websites.
"This is just (Anonymous') second attack (on Chinese websites)," Chan said. "The first one a few months ago had been a corporate attack against a Chinese company and it had exposed corporate fraud. This time, of course, the message was more general about online censorship in China."
Chan also pointed out the attacks did not target national websites, but smaller sites for government bureaus and minor cities.
"The other interesting thing is that the messages they left were left in English, so then that begs the question of whether they wanted to try to reach out to the Chinese public or not," Chan said.
Some websites that Anonymous said it attacked were working Thursday, and government officials denied the sites were ever hacked.
Al Jazeera