
Watch out for e-Ticket-related emails; they could lead to an attack on your computer

A devious new attack has debuted largely unnoticed and is infecting computers with trojans worldwide.  The new attack, first discovered by anti-virus experts at BitDefender, uses fake e-Ticket emails to deliver malware to unsuspecting users.

With the advent of online ticket sales, many users have shown little hesitation in opening the .ZIP attachment to the messages, which generally bear the subject line "Buy Airplane Ticket Online".  After all, the emails look legitimate and use the names and logos of major national or regional North American airlines.

When users download the file, it infects their computers with malware.  Trojan.Spy.Zbot.KJ and Trojan.Spy.Wsnpoem.HA are among the malware used.  The Trojan.Injector.CH family of threats is also beginning to be used with the messages.
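As an added illustration (not part of the original article and not BitDefender's code), a mail-gateway check for the delivery pattern described above: the reported subject line plus a .ZIP attachment. The article does not say what the archive contains, so the executable-extension list, the sample addresses and the sample file names are assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption (not from the article): extensions Windows runs on double-click.
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".lnk")
LURE_SUBJECT = "buy airplane ticket online"  # subject line reported above


def inspect_message(raw: bytes) -> list:
    """Return reasons to quarantine a message; an empty list means none found."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    if LURE_SUBJECT in str(msg["Subject"] or "").lower():
        reasons.append("subject matches known lure")
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        if not fname.lower().endswith(".zip"):
            continue
        data = part.get_payload(decode=True) or b""
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            reasons.append(f"{fname}: unreadable archive")
            continue
        for member in members:
            # Only the final extension decides what Windows launches, so a
            # double extension such as "e-ticket.pdf.exe" is flagged here.
            if member.lower().rstrip(". ").endswith(RISKY_EXT):
                reasons.append(f"{fname}: executable member {member}")
    return reasons


def build_sample(subject: str, member: str) -> bytes:
    """Constructed test message: a ZIP holding one placeholder file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"constructed placeholder, not malware")
    msg = EmailMessage()
    msg["From"] = "tickets@airline.example"
    msg["To"] = "user@corp.example"
    msg["Subject"] = subject
    msg.set_content("Your e-ticket is attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="eTicket.zip")
    return msg.as_bytes()
```

A subject match alone is a weak signal because the lure text is easy to change; the archive-member check still fires when the subject differs.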

A similar, but less ambitious, attack was developed in July using JetBlue's logo and identity.  It is suspected that the two hacks may be connected to the same malware gang.  The gang may also be connected to other recent attacks which used a similar attachment scam, in which virus-delivering files were disguised as overnight shipping reports.

Security experts warn that these recent attacks may help black hats gain access to corporate networks, whose users are typically savvy enough to avoid less official-looking schemes.  BitDefender researchers describe the attacks, stating, "The viruses in this campaign have rootkit components that help them to install and hide themselves on the compromised machine either in the Windows or Program Files directory.  They inject code in several processes and add exceptions to the Microsoft Windows Firewall, providing backdoor and server capabilities."

The trojans sit listening on several Windows ports.  They also try to download files from servers with domain names in the Russian Federation, indicating the attacks may be Russian in origin.  Russia is gaining a reputation as a center for organized cyber-crime.  The attackers may be seeking to use the infected computers to create a botnet for large-scale cyber attacks.

Sorin Dudea, head of the Antimalware Research Lab at BitDefender, warns, "Users should be aware that without the appropriate security solution the integrity of their systems is at an extremely high risk.  The Trojans this new malware distribution campaign delivers and the high rate of infections prove once again not just the [involved] cybercriminals' ingenuity, but also the lack of interest users show in terms of [maintaining appropriate] systems' defense and sensitive data protection."

Estimates of the number of computers infected by this latest round of scams are not yet widely available.  



By 306maxi on 9/22/2008 1:29:43 PM , Rating: 2
Don't be so pessimistic!

I just got an email from this Nigerian prince who needs to get his money out of Nigeria and wants to use my bank account and in exchange he's going to give me a cut of the money.

All I need to do is give him my account details and I'll be raking in the money!

I wonder just how many people have fallen for that one.......


Copyright 2014 DailyTech LLC.