E-mail Exploits Delta Airlines’ Names to Install Trojan
According to MX Lab, a Belgium-based security company, e-mails that appear to be ticket-purchase confirmations from the USA's Delta Airlines actually try to infect end-users' computers with a Trojan.
MX Lab says it has captured samples of the W32/Trojan2.FXRO Trojan attached to the e-mail as a ZIP file named delta_RQ763.zip. These e-mails carry the subject line "Confirmation of airline ticket purchase at www.delta.com" and show the sender's address as firstname.lastname@example.org, which the company says is a spoofed ID.
Moreover, security specialists have also revealed that Internet scammers use a technique that spoofs e-mail addresses to hide the tracks of the actual sender. A standard e-mail carries two "From" addresses: the actual one is passed in the SMTP envelope and is invisible to the user, while the other sits in the message header and is what the user sees. In spoofed e-mails it is this visible "From" address that is forged, as in the case of the Delta Airlines e-mail, so the message appears genuine.
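The envelope/header mismatch described above is something a mail gateway can check mechanically. The following is an added example (not MX Lab's or Delta's code) that parses a constructed message modelled on this lure and reports the indicators: a visible From domain that differs from the envelope sender recorded in Return-Path, and a ticket-confirmation subject carrying a ZIP attachment. The example.* hosts and the delta.com mailbox name are placeholders invented for the example.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample (not a real captured message) modelled on the lure in the
# article: the visible From claims delta.com, while the envelope sender in
# Return-Path is an unrelated relay. Hosts and mailbox names are placeholders.
RAW_MESSAGE = b"""Return-Path: <bounce@mail-relay.example.net>
From: Delta Air Lines <tickets@delta.com>
Subject: Confirmation of airline ticket purchase at www.delta.com
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Thank you for your purchase. Your e-ticket is attached.
--b1
Content-Type: application/zip; name="delta_RQ763.zip"
Content-Disposition: attachment; filename="delta_RQ763.zip"
Content-Transfer-Encoding: base64

UEsDBAoAAAAAAA==
--b1--
"""

LURE_PHRASES = ("ticket purchase", "airline ticket")

def header_domain(msg, name):
    """Domain of the mailbox in header `name`, or '' if the header is absent."""
    value = msg[name]
    addr = parseaddr(str(value))[1] if value is not None else ""
    return addr.rpartition("@")[2].lower()

def analyse(raw):
    """Return findings that mark the message as a likely spoofed lure."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    visible = header_domain(msg, "From")          # address the recipient sees
    envelope = header_domain(msg, "Return-Path")  # sender SMTP actually used
    if visible and envelope and visible != envelope:
        findings.append(f"From domain {visible} != envelope domain {envelope}")
    subject = str(msg["Subject"] or "").lower()
    zips = [p.get_filename() for p in msg.iter_attachments()
            if (p.get_filename() or "").lower().endswith(".zip")]
    findings += [f"ZIP attachment {name}" for name in zips]
    if zips and any(phrase in subject for phrase in LURE_PHRASES):
        findings.append("ticket-confirmation subject carrying a ZIP attachment")
    return findings
```

Return-Path is written by the receiving MTA from the SMTP MAIL FROM, so the comparison only holds on a gateway that records it before any forwarding.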
The reports further state that the Trojan has the characteristics of ZBot, a Trojan that disables the firewall, captures sensitive data such as online banking details and payment card numbers, takes screenshots, downloads other malware, and allows a hacker to remotely access the compromised PC. Typically, the Trojan connects to other servers without the user's knowledge.
In addition, the security specialists disclosed that the attack possibly originates in Russia, although the e-mails are likely sent from compromised PCs located worldwide.
Moreover, following the surge of the Delta attacks, the airline posted a notice online warning end-users against opening the e-mail attachment. The notice said that the e-mails are not from Delta, nor did the company use any private information of its customers to create them. It also advised people always to be suspicious of attachments in unsolicited e-mails and to keep their antivirus up to date.
Meanwhile, during 2008, several reports emerged of e-mails purporting to be from airline companies while spreading malware. These spoofed e-mails used names such as US Airways, Sun Country Airlines, and Virgin America.
SPAMfighter News - 12-03-2009