
Watch out for e-Ticket related emails, they could lead to an attack on your computer

A devious new attack has debuted largely unnoticed and is infecting computers with trojans worldwide.  The new attack, first discovered by anti-virus experts at BitDefender, uses fake e-Ticket emails to deliver malware to unsuspecting users.

With the advent of online ticket sales, many users show little hesitation in opening the .ZIP attachment to these messages, which generally bear the subject line "Buy Airplane Ticket Online".  After all, the emails look legitimate and use the names and logos of major national or regional North American airlines.

When users download and open the file, it infects their computers with malware.  Trojan.Spy.Zbot.KJ and Trojan.Spy.Wsnpoem.HA are among the malware delivered.  The Trojan.Injector.CH family of threats is also beginning to be used with the messages.

A similar, but less ambitious, attack was developed in July using JetBlue's logo and identity.  It is suspected that the two attacks may be connected to the same malware gang.  The gang may also be connected to other recent attacks which used a similar attachment scam, in which the files delivering the viruses were disguised as overnight shipping reports.

Security experts warn that these recent attacks may help black hats gain access to corporate networks, whose users are typically savvy enough to avoid less official-looking schemes.  BitDefender researchers describe the attacks, stating, "The viruses in this campaign have rootkit components that help them to install and hide themselves on the compromised machine either in the Windows or Program Files directory.  They inject code in several processes and add exceptions to the Microsoft Windows Firewall, providing backdoor and server capabilities."

The trojans sit listening on several Windows ports.  They also try to download files from servers with domain names in the Russian Federation, indicating the attacks may be Russian in origin.  Russia is gaining a reputation as a center for organized cyber-crime.  The attackers may be seeking to use the infected computers to create a botnet for large-scale cyber attacks.

Sorin Dudea, head of the Antimalware Research Lab at BitDefender, warns "Users should be aware that without the appropriate security solution the integrity of their systems is at an extremely high risk.  The Trojans this new malware distribution campaign delivers and the high rate of infections prove once again not just the [involved] cybercriminals' ingenuity, but also the lack of interest users show in terms of [maintaining appropriate] systems' defense and sensitive data protection."

Estimates of the number of computers infected by this latest round of scams are not yet widely available.  


Once again a case of user error...
By nycromes on 9/22/2008 10:35:58 AM , Rating: 5
I have told people for years not to open unsolicited e-mail attachments. To some extent it still amazes me that people still do it. This has become common advice from IT professionals everywhere.

Secondly, what in the world drives people to open a .zip file to buy e-tickets "online"? I mean it isn't that hard to figure out if you are buying online, you don't need a file on your computer.

Oh well, I suppose this type of attack will never go away. Hopefully users will one day realize what they are doing instead of just clicking on anything and everything. These are sneaky predators overall, but just a small amount of thought or common sense should keep users away from this type of infection.

RE: Once again a case of user error...
By Mitch101 on 9/22/2008 10:43:47 AM , Rating: 3
They will never learn.

AMWAY = I see Amway is based upon the idea that the majority of people are not that bright and convinces people that buying no frills brand items at above retail costs and getting a mere 3% back is an investment into their own business. Why not just buy a better brand name item at the store for at least 30% less. 30% > 3% and would provide you with more money in your pocket not to mention a better product.

If the majority of people had common sense then AMWAY would have never become as large as they did.

RE: Once again a case of user error...
By superforever on 9/22/2008 8:48:03 PM , Rating: 2
I agree their price is a little too high for most people, but if you know the difference between no-frills and AMWAY's products you will NOT say that anymore.

By Mitch101 on 9/23/2008 10:08:24 AM , Rating: 2
You're trying to justify Amway. I have tasted them and seen them. You can certainly get a significantly better product at your grocer and electronics store for much less.

You sound like their perfect rep; you probably spend a few hundred more to go to a pep rally and listen to a diamond talk out his rear end. Those meetings are just another way of bilking you out of your money and convincing you to stay with Amway. If they are so productive then they wouldn't need to charge you for it. Teaching sales tactics to a member should be free, but they know you will fail so they charge you. Heck, everyone loves a success story. If they didn't, then at 2am there wouldn't be a need for infomercials trying to tell you to buy real estate foreclosures. I do that and can tell you it's nothing like what they tell you in the infomercial. I love what they won't tell you in the infomercial, like the condition and odds of finding a real deal. You might get the home cheap, but you're going to do a lot more than stick a for-sale sign on the lawn and make money; the infomercials never show you the real side of foreclosures. The infomercials are much like Amway: they won't show you the bad side before getting your money. Try getting a price list before becoming a member.

I had a pair of friends who got caught up in Amway; one stayed in for a long time, the other compared and got out. They both lost; one lost a lot more. Amway won.

RE: Once again a case of user error...
By RandallMoore on 9/22/2008 10:47:03 AM , Rating: 2
Nah!! Let them be ignorant! It makes me a lot of money haha. You are def. right though, I even have people call me up to ask "this popup from Zone Alarm is asking me if I should allow AIM to access the internet or not, what should I do??"

Most of the time the light bulb turns on when I ask "well, did you just try to start AIM for the first time??"

so, let them be clueless so we can cash that check my friend!

By 306maxi on 9/22/2008 1:29:43 PM , Rating: 2
Don't be so pessimistic!

I just got an email from this Nigerian prince who needs to get his money out of Nigeria and wants to use my bank account and in exchange he's going to give me a cut of the money.

All I need to do is give him my account details and I'll be raking in the money!

I wonder just how many people have fallen for that one.......

RE: Once again a case of user error...
By GreenEnvt on 9/22/2008 1:50:08 PM , Rating: 2
I agree it's silly.

However, I've had two employees in my office who routinely handle booking flights for other staff. They got a message stating their itinerary was ready. Upon opening the e-mail (again, they get confirmation itineraries often) and clicking on the exe-in-a-zip file, they both had "antivirus 2008" on their machines.
After cleaning that up, I now block any e-mails that have zip files containing an exe inside them. We used to block these by default, but a couple of banks insist on sending this way so we'd allowed it. Now I've told them to figure something else out, as I'm not letting that into our network anymore.

Lesson learned.
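The gateway rule GreenEnvt describes (refuse any mail whose zip attachment carries an executable) is the one concrete countermeasure on this page, so here is a worked version of it. This is an added example, not code from DailyTech, BitDefender or any commenter; it uses only the Python standard library, and every message and archive it inspects is constructed inline. It goes a little beyond the comment: besides the `.exe` extension it also catches a Windows PE file hiding behind a harmless-looking name (the `MZ` header), follows zips nested inside zips up to a fixed depth, and treats a password-protected member it cannot open as a finding rather than silently passing it.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions Windows will run directly on a double-click ("itinerary.pdf.exe" still ends in ".exe").
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
MAX_NESTED_DEPTH = 3                 # how far to follow zip-inside-zip
MAX_NESTED_BYTES = 8 * 1024 * 1024   # refuse to inflate huge nested archives (zip-bomb guard)


def is_pe_executable(head: bytes) -> bool:
    """Every Windows PE file starts with the DOS 'MZ' magic, whatever its extension claims."""
    return head[:2] == b"MZ"


def find_executables_in_zip(blob: bytes, prefix: str = "", depth: int = 0):
    """Return (member_path, reason) pairs for members a mail gateway should refuse."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile:
        return [(prefix or "<attachment>", "not a valid zip archive")]
    for info in zf.infolist():
        if info.is_dir():
            continue
        name = prefix + info.filename
        lower = info.filename.lower()
        ext = "." + lower.rsplit(".", 1)[-1] if "." in lower else ""
        try:
            with zf.open(info) as fh:
                head = fh.read(4)
        except RuntimeError:
            # Password-protected member: we cannot look inside, so treat it as suspect.
            findings.append((name, "encrypted member, cannot inspect"))
            continue
        if ext in EXECUTABLE_EXTENSIONS:
            findings.append((name, f"executable extension {ext}"))
        elif is_pe_executable(head):
            findings.append((name, "PE header (MZ) behind a non-executable extension"))
        elif ext == ".zip" and depth < MAX_NESTED_DEPTH and info.file_size <= MAX_NESTED_BYTES:
            with zf.open(info) as fh:
                inner = fh.read()
            findings.extend(find_executables_in_zip(inner, name + "/", depth + 1))
    return findings


def scan_message(raw: bytes):
    """Parse a raw RFC 822 message and inspect every attachment that looks like a zip."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True)
        if payload is None:
            continue
        looks_like_zip = filename.lower().endswith(".zip") or part.get_content_type() in (
            "application/zip", "application/x-zip-compressed")
        if looks_like_zip:
            findings.extend(find_executables_in_zip(payload, filename + "/"))
    return findings


def should_block(raw: bytes) -> bool:
    """The gateway decision: block the mail if any attachment produced a finding."""
    return bool(scan_message(raw))


# --- constructed fixtures (not real mail, not real malware) ---------------------
def make_zip(members: dict) -> bytes:
    """Build an in-memory zip from {member_name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def make_message(zip_bytes: bytes, zip_name: str = "itinerary.zip") -> bytes:
    """Constructed 'your itinerary is ready' mail with one zip attachment (addresses are placeholders)."""
    msg = EmailMessage()
    msg["From"] = "reservations@example.invalid"
    msg["To"] = "travel@example.invalid"
    msg["Subject"] = "Buy Airplane Ticket Online"
    msg.set_content("Your itinerary is ready; please see the attached file.")
    msg.add_attachment(zip_bytes, maintype="application", subtype="zip", filename=zip_name)
    return msg.as_bytes()


if __name__ == "__main__":
    fake_pe = b"MZ" + b"\x00" * 62 + b"constructed stand-in, not a program"
    hostile = make_message(make_zip({"itinerary.pdf.exe": fake_pe,
                                     "ticket.pdf": fake_pe,
                                     "readme.txt": b"Your e-ticket is attached."}))
    for path, reason in scan_message(hostile):
        print(f"BLOCK {path}: {reason}")
```

Running the script flags both the double-extension file and the PE disguised as `ticket.pdf`, while the text file passes. The `MZ` check is deliberately the second test, not a replacement for the extension list: a `.bat` or `.vbs` has no PE header, and an archive the gateway cannot open (bad zip, encrypted member) is reported rather than waved through, which is the conservative choice when the sender is supposedly a bank or an airline that can use a different channel.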

By winterspan on 9/23/2008 1:06:32 AM , Rating: 2
You should fire them! Since when do itineraries come in the form of zip file email attachments? How idiotic are these people?

Copyright 2016 DailyTech LLC.