Issue 129 - April 2012 (2nd Edition) - Page 10
US Airways 'Flight Confirmation' Malware Emails
Emails purporting to be from US Airways claim to contain a flight confirmation code and suggest that users click a link to check in online and confirm reservation details.
The emails are not from US Airways. Those who click the link will be taken to bogus websites that contain a BlackHole toolkit that is used by criminals to distribute an information-stealing trojan.
Detailed analysis and references below example.
Last updated: 5th April 2012
First published: 5th April 2012
Article written by Brett M. Christensen
Subject: US Airways reservation confirmation.
You should check in from 24 hours and up to 60 minutes before your flight (2 hours if you're flying abroad). Then, all you need to do is print your boarding pass and go to the gate.
Confirmation code: 963401
Check-in online: Online reservation details
Departure city and time Washington, DC (DCA) 10:00PM
Depart date: 4/5/2012
Emails which falsely claim to be from US Airways are currently being sent out by criminals intent on distributing malware. The emails supposedly contain a flight confirmation code and invite recipients to click a link to "Check-in online" and review reservation details.
However, the emails have no connection with US Airways. Those who fall for the ruse and follow the link will be taken to a website that advises the user to wait while the page loads. In reality, the page will redirect to several other sites until it arrives at a malicious website that harbours a BlackHole web attack toolkit. An April 5th, 2012 PC World article about this attack notes:
BlackHole is a Web attack toolkit commonly used by cybercriminals to infect people's computers with malware. The toolkit exploits vulnerabilities in outdated versions of popular browser plug-ins like Java, Flash Player or Adobe Reader.
In this particular attack, BlackHole is being used to distribute an information-stealing Trojan horse called GameOver, which is based on the much older ZeuS malware.
Subject lines in the malware emails vary. US Airways has alerted customers about the fake emails on its website.
The criminals bank on the fact that many recipients, surprised to receive a notification about a flight reservation that they have never made, will click on the link to check reservation details and thereby infect their systems. And, of course, in at least a few cases, recipients may really have booked a flight and are therefore more likely to follow the link without due care and attention.
In recent months, similar malware attacks have used the names of other US airlines including Delta Air Lines and American Airlines. If you receive one of these bogus reservation emails, do not click on any links or open any attachments that it may contain.
Rogue US Airways-themed Emails Distribute ZeuS-based Malware
US Airways - Scam alert
Delta Air Lines Passenger Itinerary Receipt Malware Emails
American Airlines Flight Ticket Order Malware Emails