Spam E-mails Masquerading Lufthansa Making Rounds in the Internet

Of recent, security experts at security firm, Sophos are warning German users against a fake mail making rounds in the internet in the disguise of Lufthansa. The mail is a flight confirmation e-mail from Lufthansa.

The flight confirmation, which is making round in the cyber world however are well designed and has nothing to do with Lufthansa.

Nevertheless, out of sheer curiosity, users often click on the attachments even if they are not planning to travel. The attached ZIP file, Flugsheindetails.PDF.exe is clearly named with an intention to trap the innocent users into believing that it is a PDF file.

Running the program on the computer is sufficient in itself for installing malicious code in the disguise of svchost.exe alleviates the suspicion of anyone checking the list of running processes in the internet. Automatically, a registry key of SunJavaUpdateSched is also set as a result.

However, the corrupted code opens the backdoor of the compromised computer to the third party hacker, who sends commands and steal information or rather install further malware on the computer.

The ZIP files are detected as Mal/DrodZp-A, and the EXE as Mal/EncPk-AFN in accordance with the Sophos products.

While commenting on this wide-spread and ongoing spam e-mail campaign on his blog, Graham Cluley, Senior Technology Consultant at Sophos claimed that users are clearly the ones who are being targeted on this occasion. He also notified that although the German-speaking computer users are clearly the ones that are often targeted, it is the same social engineering trick that clearly works in any language, as published by nakedsecurity.sophos.com on January 21, 2013.

However, not only Lufthansa Airlines, but also renowned Airway like US Airways has also been badly hit by cybercriminals in this e-mail campaign. In this spam e-mail campaign, the crooks have relied upon the fake online registration confirmation e-mails into trapping users to click on the malicious links.

The tricky authenticated sounding e-mails highlighted the utmost information. Generally there on all registration confirmation e-mails about the boarding time in case of domestic and international flights.

Related article: Spam Scam Bags a Scottish Connection

» SPAMfighter News - 2/4/2013