A new medium-sized spam wave is targeting credit card users who fly frequently with one of Germany’s best-known airlines. The fraud scheme follows the now classic approach of telling the user they have been charged for a service they never ordered.
Spam message inviting the victim to follow the link to see where they are supposedly going to fly.
Users who want to see what exactly happened to the $493.67 allegedly withdrawn from their card have to click on the link provided in the spam message. The embedded URL takes them to a specially crafted page hosted on a religious website that has most likely been compromised. This HTML page is rigged with iframes that attempt to load additional content from a domain other than the one hosting the page.
At the other end of the connection sits the Neosploit toolkit, which fingerprints the visitor’s operating system and browser type and then serves a PDF exploit against the unsuspecting victim. The attack relies on two elements to reach its target: the first is the alleged $493.67 withdrawn from the account, and the second is the absence of attachments, since users may perceive a message carrying an attachment as potentially threatening.
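The injected-iframe stage described above is the one an analyst can check for quickly when triaging a suspected landing page. The script below is an added example, not BitDefender’s code and not taken from the campaign: it parses an HTML document with the standard library, lists every iframe whose source host differs from the page’s own host, and marks the ones that are hidden (zero or one-pixel size, or CSS hiding), which is how exploit-kit redirectors are usually planted. The sample page and the `.invalid` hostnames in it are constructed for the demonstration and do not refer to real sites.

```python
"""Triage helper: flag <iframe> elements on a landing page that load content
from outside the page's own domain, the pattern described above.

Added example, not BitDefender's code. The sample HTML below is constructed;
the hostnames in it are placeholders, not sites from the actual campaign.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a page on a (hypothetical) compromised site with one
# harmless same-origin iframe and two injected cross-domain, hidden ones.
SAMPLE_PAGE_URL = "http://church-example.invalid/news/index.html"
SAMPLE_HTML = """
<html><body>
<h1>Parish news</h1>
<iframe src="/calendar.html" width="600" height="400"></iframe>
<iframe src="http://kit-host.invalid/in.php" width="1" height="1"
        style="visibility:hidden"></iframe>
<IFRAME SRC="http://other-kit.invalid/go.php" STYLE="display:none;"></IFRAME>
</body></html>
"""

# CSS properties attackers use to keep an injected frame off-screen.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)


def _tiny(value):
    """True when a width/height attribute is 0 or 1 pixel: the frame is
    present in the DOM but effectively invisible to the visitor."""
    if value is None:
        return False
    m = re.match(r"\s*(\d+)", value)
    return m is not None and int(m.group(1)) <= 1


class IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> start tag in the document.
    HTMLParser lower-cases tag and attribute names, so the upper-case
    IFRAME/SRC/STYLE variant in the sample is handled like the others."""

    def __init__(self):
        super().__init__()
        self.frames = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.frames.append(dict(attrs))


def find_offsite_iframes(page_url, html):
    """Return a list of dicts, one per iframe whose src host differs from the
    page host. Each entry records the src, the remote host and whether the
    frame is hidden. Relative and protocol-relative (//host/path) sources are
    resolved the way urlparse does, so a //other-host/x frame is reported."""
    page_host = urlparse(page_url).hostname
    parser = IframeCollector()
    parser.feed(html)
    findings = []
    for attrs in parser.frames:
        src = attrs.get("src")
        if not src:
            continue
        host = urlparse(src).hostname
        if host is None or host == page_host:
            continue  # relative or same-origin frame: not what we are after
        hidden = (_tiny(attrs.get("width")) or _tiny(attrs.get("height"))
                  or bool(HIDDEN_STYLE.search(attrs.get("style") or "")))
        findings.append({"src": src, "host": host, "hidden": hidden})
    return findings


if __name__ == "__main__":
    for f in find_offsite_iframes(SAMPLE_PAGE_URL, SAMPLE_HTML):
        flag = "HIDDEN" if f["hidden"] else "visible"
        print(f"{flag:7} {f['host']:22} {f['src']}")
```

On the sample page the script reports the two `.invalid` kit hosts as hidden cross-domain frames and ignores the same-origin calendar frame. A hidden off-site iframe is not proof of compromise on its own (ad networks and analytics use the same construct), but on a site that has no business embedding a remote PHP script it is the first thing to pull and inspect, ideally from an isolated analysis machine rather than the browser that received the e-mail.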
If the attack succeeds, the victim is infected with a generic downloader that installs Trojan.Generic.KDV.57533, one of the many faces of the Zbot Trojan. This piece of malware is known as one of the most insidious e-threats to date: it can deploy keyloggers, intercept traffic, hijack e-banking transactions and spread itself via e-mail or instant messaging services.
This attack can be mitigated easily by running a security solution that features antispam, antiphishing and antimalware engines, such as BitDefender’s Internet Security and Total Security suites. Because the final stage depends on a PDF exploit delivered through the browser, keeping the browser and the PDF reader fully patched also removes the infection vector even when the link has been clicked.
For your own safety, never click on links in messages from people you do not know. If you have any doubts regarding your money transactions, or if you are asked to log in to get additional details about them, we advise you to call the bank instead.