Outline
Emails purporting to be from US Airways claim to contain a flight confirmation code and suggest that users click a link to check in online and confirm reservation details.
The emails are not from US Airways. Those who click the link will be taken to bogus websites that contain a BlackHole toolkit that is used by criminals to distribute an information-stealing trojan.
Departure city and time Washington, DC (DCA) 10:00PM
Depart date: 4/5/2012
Emails which falsely claim to be from US Airways are currently being sent out by criminals intent on distributing malware. The emails supposedly contain a flight confirmation code and invite recipients to click a link to "Check-in online" and review reservation details.
However, the emails have no connection with US Airways. Those who fall for the ruse and follow the link will be taken to a website that advises the user to wait while the page loads. In reality, the page will redirect to several other sites until it arrives at a malicious website that harbours a BlackHole web attack toolkit. An April 5th, 2012 PC World article about this attack notes:
BlackHole is a Web attack toolkit commonly used by cybercriminals to infect people's computers with malware. The toolkit exploits vulnerabilities in outdated versions of popular browser plug-ins like Java, Flash Player or Adobe Reader.
In this particular attack, BlackHole is being used to distribute an information-stealing Trojan horse called GameOver, which is based on the much older ZeuS malware.
Subject lines in the malware emails vary. US Airways has alerted customers about the fake emails on its website.
The criminals bank on the fact that many recipients, surprised to receive a notification about a flight reservation that they have never made, will click on the link to check reservation details and thereby infect their systems. And, of course, in at least a few cases, recipients may really have booked a flight and are therefore more likely to follow the link without due care and attention.
In recent months, similar malware attacks have used the names of other US airlines including Delta Air Lines and American Airlines. If you receive one of these bogus reservation emails, do not click on any links or open any attachments that it may contain.