Latest News

Malware Nets Major U.S. Air Carriers

September 2008

Summertime Bogus e-Ticketing Scam Followed by Fake Messages Using Major Air Carriers Identities

BitDefender announced today the detection of a new round of spam campaigns targeting individuals purporting to deliver e-Tickets and invoices for a so-called Buy Airplane Ticket Online service. The messages, which include an e-Ticket attachment as a .ZIP file, deliver a new and improved cargo of malware.

Similar in nature to the attacks launched earlier this summer, this attack capitalizes on the end of summer, the return to school and the desire to extend the nice weather or plan a late-year vacation. Most likely executed by the same criminals, this attack campaign is a mass mailing with borrowed flyers, as well as additional elements to entice the recipient into opening the .ZIP file.

Instead of the attack spoofing Jet Blue Airways identity reported in July, this new round of attacks targets the major U.S. air carriers as well as other operators including cardinal points within their names. Additionally, counterfeit messages have been sent allegedly on behalf of operators with a focus on charter, regional or domestic-only services.

The attack consists primarily of the tried and true Trojan.Spy.Zbot.KJ and Trojan.Spy.Wsnpoem.HA.. Additionally, the Trojan, Trojan.Injector.CH, has been detected in these attacks. These viruses were employed most recently in attacks against major overnight delivery companies.

The viruses in this campaign have rootkit components that help them to install and hide themselves on the compromised machine either in the Windows or Program Files directory. They inject code in several processes and add exceptions to the Microsoft Windows Firewall, providing backdoor and server capabilities. They all send sensitive information and listen on several ports for possible commands from the remote attacker. The Trojans also attempt to connect and download files from servers with domain names apparently registered in the Russian Federation.

Users should be aware that without the appropriate security solution the integrity of their systems is at an extremely high risk, said Sorin Dudea, Head of BitDefender Antimalware Research. The Trojans this new malware distribution campaign delivers and the high rate of infections prove once again not just the cybercriminals ingenuity, but also the lack of interest the users show in terms of systems defense and sensitive data protection.