Hardly a week goes by at the moment without another spam campaign. This week we proudly present the US Airways ticket scam. The malware behind this scam is still the same as in the previous post: ZeuS, a.k.a. Zbot, detected by Emsisoft Anti-Malware as Trojan-Spy.Win32.Zbot.
The following email subjects are being used:
- US Airways online check-in.
- US Airways online check-in confirmation.
- US Airways reservation confirmation.
- Confirm your US airways online reservation.
The body of the email reads:
You have to check in from 24 hours and up to 60 minutes before your flight (2 hours if you’re flying internationally). After the check-in, all you need to do is print your boarding pass and proceed to the gate.
Confirmation code: 772129
Check-in online: Online reservation details
Departure city and time
Washington, DC (DCA) 10:00PM
Depart date: 4/5/2012
Clicking on the malicious link will take you to this screen:
The purpose of this address is to load Java and Adobe exploits to infect the system. Emsisoft Anti-Malware detects this threat as Exploit.Java.Blacole and Exploit.JS.Pdfka.
Finally, once the system is exploited, more malicious executables are downloaded to continue stealing sensitive account information.
ZeuS is one of the best-known banking trojans and is very widespread. We recommend that you keep your security software and your Java and Adobe products updated.