Application security, Critical Infrastructure Security, Malware, Network Security, Phishing, Threat Management, Vulnerability Management

Flight check-in emails lead to Zeus infection

Consider this the flight to nowhere.

Researchers have discovered a variant of the Zeus banking trojan circulating in emails that offer recipients a link to check in to a US Airways flight. Except this flight doesn't exist: It's a con to get unsuspecting users to install malware.

Dmitry Tarakanov, a Kaspersky Lab researcher, said in a blog post Tuesday that the attacks were detected on March 20 and remained consistent for at least a week.

The criminals behind the spam campaign are targeting travelers on US Airways flights by trying to lure them into clicking on a link supposedly offering "online reservation details," which includes check-in.

According to the blog post, several uniquely crafted emails were part of the campaign, but no matter their make-up, once a user clicks on the link contained within them, their computers are met with a number of redirects that lead to malicious code delivered via the Blackhole exploit kit.

The attacks take advantage of vulnerabilities in popular software -- either Java, Flash Player or Adobe Reader -- and ultimately result in a downloader installing the pernicious Zeus, or Zbot, trojan.

An undisclosed number of attacks have been reported by Kaspersky users in Russia, the United States, Italy, Germany and India.

A company spokesperson could not be reached for comment. A US Airways representative also could not be reached.

An In-Depth Guide to Application Security

Get essential knowledge and practical strategies to fortify your applications.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds