BitDefender Identifies Scam ‘Miles & More’ E-Mails
Researchers from BitDefender the security company have cautioned everyone that fraudulent e-mails are circulating as messages from the frequent flyer scheme, "Miles & More" while directing end-users onto a malevolent Internet site. Softpedia.com reported this on January 12, 2011.
Here it may be mentioned that Miles & More is well-known to people ever-since Europe's biggest airline, Lufthansa first launched it and which currently has other airlines involved too.
Reveals BitDefender, with the caption "ITINENERARY RECEIPT," the fake electronic mails show a spoofed address seeming to be sent from firstname.lastname@example.org.
These e-mails typically tell recipients that a charge has been made to their names for using certain service, which in reality was never ordered for.
Specifically, they state that the frequent flyer scheme is thankful to the recipient because he bought its service and that his booking number is LVSN50 while a charge has been made to his credit card for $493.67. Thereafter, the messages instruct the recipient to click a given web-link and access his Miles account for taking a print out of his PASSENGER ITINERARY RECEIPT.
But on clicking, the user is led onto a religious site, which possibly someone compromised. Notably, this site contains a malicious HTML page, which has invisible iframes serving the Neosploit attack kit that's hosted on an intermediate Web-server.
The kit apparently, attempts at determining the victimized computer's OS and browser type following which it executes a malicious PDF file on the system. And in case the attack turns out successful, a general Trojan downloader infects the system with Trojan.Generic.KDV.57533, which's a variant of Trojan ZBot. The malware is very dangerous since it installs keyloggers, monitors inbound and outbound traffic, compromises Internet banking transactions and propagates through instant messages or e-mails.
States BitDefender that for a successful attack, twin components are used for reaching the potential victim. These are the so-called money charged to the victim's credit card and the strange absence of attachments that would have hinted of potential threat in the message.
Conclusively, to remain safe from the fraudulent e-mail scam, BitDefender's experts have recommended that users should update their operating system and other software.
» SPAMfighter News - 24-01-2011