CA Cautions Online Users Of E-Mail Scam Involving Bogus Ticket
Security researchers from CA the security software company have issued an alert that malware purveyors are using as bait a 'bogus flight ticket' to deceive computer operators into downloading malware capable of infecting their systems.
Feigning to be a MidWest Airlines e-mail, the bogus message expresses gratitude to the recipient for apparently utilizing a recently introduced "Buy Airplane Ticket Online" facility through the airlines' website. It then informs him that an account in his name has been opened whose password and login details are provided inside the electronic mail. Additionally, it states that a charge of $874.35 has been made on his payment card.
Interestingly, the scam e-mail attempts at wooing the reader by indicating that whenever a ticket will be bought via the MidWest Airlines website, there will be a 10% discount on the purchase price.
Furthermore, it tells the recipient that the flight ticket along with the purchase bill is provided in the e-mail through an attachment. But, the ticket can be used merely via taking out its printout in color after which the user can start off for his trip. Eventually, the e-mail officially signs off with regards on behalf of MidWest Airlines.
Worryingly, as per the CA researchers, the attached bill called Invoice_viewer.zip carries an installer for Zbot.
Zbot or Zeus, its other name, is defined as a password stealing malware that fraudsters ordinarily utilize for compromising the credit card details and Internet banking accounts of people globally. Further, this Trojan is obtainable for a price on illegal website forums in the form of a kit for designing crimeware. Consequently, hackers who purchase this malware are able to create its tailored versions. As a result, innumerable Zeus variants float across the Web all the time. And that helps cyber-criminals to always beat the anti-viruses' identification techniques.
Conclusively, since the above kind of fraudulent e-mails have certain maliciousness attached, the CA researchers recommend that users must always be watchful as also suspicious of e-mail attachments even if they arrive from authentic sources. Moreover, they must also ensure that they're running up-to-date AV software, particularly those that identify general malware.
Related article: CA Canada Found Alarming Facts About Corporate Data Loss
» SPAMfighter News - 16-08-2010