
Watch out for e-Ticket related emails, they could lead to an attack on your computer

A devious new attack has debuted largely unnoticed and is infecting computers with trojans worldwide.  The new attack, first discovered by anti-virus experts at BitDefender, uses fake e-Ticket emails to deliver malware to unsuspecting users.

With the advent of online ticket sales, many users show little hesitation in opening the .ZIP attachment to the messages, which generally bear the subject line "Buy Airplane Ticket Online".  After all, the emails look legitimate and use the names and logos of major national or regional North American airlines.

When the users download the file, it infects their computers with malware.  The Trojan.Spy.Zbot.KJ and Trojan.Spy.Wsnpoem.HA are among the malware used.  The Trojan.Injector.CH family of threats is also beginning to be used with the messages.
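As an added example (not from the article or from BitDefender), here is a mail-triage check for the delivery pattern described above: it matches the reported subject line and lists ZIP attachments whose members carry executable extensions. The extension list, the function names and the sample message are assumptions constructed for illustration; the article does not say what the ZIP contained.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: extensions treated as directly executable on Windows.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs"}
LURE_SUBJECT = "buy airplane ticket online"  # subject line reported in the article


def triage(raw: bytes) -> dict:
    """Return findings for one RFC 5322 message given as raw bytes."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").lower()
    findings = {"subject_match": LURE_SUBJECT in subject,
                "zip_attachments": [], "executables": []}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        # Trust the content, not the name: ZIP archives start with "PK\x03\x04".
        if not data.startswith(b"PK\x03\x04"):
            continue
        findings["zip_attachments"].append(name)
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            findings["executables"].append(f"{name}: unreadable archive")
            continue
        for member in members:
            # Check only the final extension, so "ticket.doc.exe" is caught.
            ext = "." + member.rsplit(".", 1)[-1].lower() if "." in member else ""
            if ext in EXECUTABLE_EXTS:
                findings["executables"].append(f"{name}:{member}")
    return findings


def build_sample() -> bytes:
    """Constructed sample: harmless text bytes stored under an .exe name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("e-ticket.doc.exe", b"not a real program")
    msg = EmailMessage()
    msg["Subject"] = "Buy Airplane Ticket Online"
    msg.set_content("Your e-ticket is attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="e-ticket.zip")
    return msg.as_bytes()
```

A message that matches on subject and also carries an executable inside a ZIP is a strong candidate for quarantine; either signal alone is better treated as a prompt for review.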

A similar, but less ambitious, attack was developed in July using JetBlue's logo and identity.  It is suspected that the two hacks may be connected to the same malware gang.  The gang may also be connected to other recent attacks which used a similar attachment scam, in which virus-delivering files were disguised as overnight shipping reports.

Security experts warn that these recent attacks may help black hats gain access to corporate networks, whose users are typically savvy enough to avoid less official-looking schemes.  BitDefender researchers describe the attacks, stating, "The viruses in this campaign have rootkit components that help them to install and hide themselves on the compromised machine either in the Windows or Program Files directory.  They inject code in several processes and add exceptions to the Microsoft Windows Firewall, providing backdoor and server capabilities."

The trojans sit listening on several Windows ports.  They also try to download files from servers with domain names in the Russian Federation, indicating the attacks may be Russian in origin.  Russia is gaining a reputation as a center for organized cyber-crime.  The attackers may be seeking to use the infected computers to create a botnet for large-scale cyber attacks.

Sorin Dudea, head of the Antimalware Research Lab at BitDefender, warns, "Users should be aware that without the appropriate security solution the integrity of their systems is at an extremely high risk.  The Trojans this new malware distribution campaign delivers and the high rate of infections prove once again not just the [involved] cybercriminals' ingenuity, but also the lack of interest users show in terms of [maintaining appropriate] systems' defense and sensitive data protection."

Estimates of the number of computers infected by this latest round of scams are not yet widely available.  



Comments

RE: Typo
By Ben on 9/23/2008 12:53:42 AM , Rating: 2
I agree.

What's more frustrating is the people who click willingly, knowing that their computer will then be compromised, hoping that it will lead to some sort of computer down time where they won't have to do their job until it's fixed by someone like you or me.


Copyright 2014 DailyTech LLC.