Blackhole-laden spam targets airline passengers

04 April 2012

Cybercriminals have launched a Blackhole-laden spam campaign against US Airways passengers, trying to convince them to click on a link to "view" their reservation, according to Kaspersky Lab.

The spam contains details about the person’s flight, as well as a confirmation code and a bogus link to see “online reservation details”, Kaspersky researcher Dmitry Tarakanov wrote in a blog post.

After clicking on the bogus link, victims are eventually redirected to a domain hosting the Blackhole exploit kit, which is becoming the dominant exploit kit in the cybercrime world. The kit then infects the computer by exploiting vulnerabilities in Java, Flash Player, or Adobe Reader.

“After successfully exploiting vulnerabilities, an executable file is downloaded from the same domains where the exploits are located. It can be downloaded under different names – about.exe, contacts.exe and others – and is essentially a downloader. When the downloader runs, it connects to its C&C at the URL ‘176.28.18.135/pony/gate.php’, and downloads and runs another malicious program – ZeuS/ZBot or, to be more precise, a modification of one of the development branches of that Trojan known as ‘GameOver’ – on the user’s system”, Tarakanov explained.

The good news is that most of the recipients were not flying on a US Airways flight the day they received the spam, so very few became victims. “Even though this is not the first time they’ve used a flight-related trick, it’s the first time this particular kind of spam has been detected. If the recipients belong to a target audience, they are much more likely to click on a malicious link in an email. However, the majority of users who received these emails were not flying anywhere that day, which is why very few fell for the scam”, he added.
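For defenders, the download chain Tarakanov describes (an executable fetched after exploitation, then a check-in to a `/pony/gate.php` URL) can be hunted for in web proxy logs. The following is an added example, not code from Kaspersky or from the original article; the log format, the hostnames ending in `.example`, the client addresses, and the 10-minute window are all assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed proxy log lines: timestamp, client, method, URL. Only the gate.php URL
# and the about.exe file name come from the article; everything else is made up.
SAMPLE_LOG = """\
2012-04-03T09:14:02 10.0.0.21 GET http://exploit-host.example/main.php?page=1
2012-04-03T09:14:09 10.0.0.21 GET http://exploit-host.example/about.exe
2012-04-03T09:14:31 10.0.0.21 POST http://176.28.18.135/pony/gate.php
2012-04-03T09:20:00 10.0.0.35 GET http://downloads.example/setup.exe
2012-04-03T11:02:45 10.0.0.35 GET http://intranet.example/pony/gate.php.txt
2012-04-03T12:00:00 10.0.0.50 POST http://176.28.18.135/pony/gate.php
"""

LINE = re.compile(r"^(\S+) (\S+) (GET|POST) https?://([^/\s]+)(/\S*)?$")
GATE = re.compile(r"/pony/gate\.php$", re.I)  # match the path, not just the one IP
EXE = re.compile(r"\.exe$", re.I)

def parse(log):
    """Yield (timestamp, client, host, path-without-query) for well-formed lines."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts, client, _method, host, path = m.groups()
            yield datetime.fromisoformat(ts), client, host, (path or "/").split("?")[0]

def find_chains(log, window=timedelta(minutes=10)):
    """Return (client, kind, exe_url, gate_url) alerts.

    kind is 'chain' when the client fetched an .exe within `window` before the
    gate check-in, and 'gate-only' when no such download was logged.
    """
    last_exe = {}  # client -> (time, url) of its most recent .exe download
    alerts = []
    for ts, client, host, path in sorted(parse(log)):
        if EXE.search(path):
            last_exe[client] = (ts, host + path)
        elif GATE.search(path):
            seen = last_exe.get(client)
            if seen and ts - seen[0] <= window:
                alerts.append((client, "chain", seen[1], host + path))
            else:
                alerts.append((client, "gate-only", None, host + path))
    return alerts

if __name__ == "__main__":
    for alert in find_chains(SAMPLE_LOG):
        print(alert)
```

A `gate-only` hit still deserves triage: the download may have happened off-network or before log retention began.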
