Watch Your Money Fly with Zbot Airlines

Flight includes beverages, food and a Trojan horse on the house

A new medium-size spam wave is targeting credit card users who fly frequently with one of Germany's best-known airlines. The fraud uses the classic pretext that the recipient has been charged for a service they never ordered.

Spam message leading to Zbot: the message invites the victim to follow a link to see where they are supposedly going to fly.

Should the user want to see what exactly happened to the $493.67 allegedly withdrawn from their card, they have to click on the link provided in the spam message. The embedded URL takes them to a specially crafted page hosted on a religious website that has most likely been compromised. The HTML page is rigged with iframes that pull extra content from a domain other than the one hosting the page.
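The injected-iframe pattern described above is the first thing a responder would check on a site suspected of being used this way. The following Python script is an added example, not code from the original post: it parses a page with the standard library, resolves every iframe source against the page URL and reports the ones that load from another host, plus a heuristic flag for frames sized or styled to be invisible (an assumption about how such frames are usually hidden, not something the post states). The sample HTML and the host names in it are constructed for illustration.

```python
"""Flag iframes on a fetched page that pull content from a domain other than
the page's own, the pattern used on the compromised site described above.
Added example; not code from the original post. The sample HTML below is
constructed for illustration and example.net/example.org are placeholders."""
from html.parser import HTMLParser
from urllib.parse import urlparse, urljoin


class _IframeCollector(HTMLParser):
    """Collect every <iframe> start tag with its attributes."""
    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append(dict(attrs))


def _looks_hidden(attrs):
    """Heuristic (assumption): injected frames are usually 0/1 px or styled invisible."""
    style = (attrs.get("style") or "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    for dim in ("width", "height"):
        val = (attrs.get(dim) or "").strip().rstrip("px")
        if val.isdigit() and int(val) <= 1:
            return True
    return False


def find_offsite_iframes(html, page_url):
    """Return iframes whose src resolves to a host other than page_url's host.

    Each entry is a dict with the resolved src, its host and whether the
    frame is visually hidden. Relative and scheme-relative srcs are resolved
    against page_url, so legitimate same-site frames are not reported.
    """
    page_host = (urlparse(page_url).hostname or "").lower()
    parser = _IframeCollector()
    parser.feed(html)
    findings = []
    for attrs in parser.iframes:
        src = attrs.get("src")
        if not src:
            continue
        resolved = urljoin(page_url, src)
        host = (urlparse(resolved).hostname or "").lower()
        if host != page_host:
            findings.append({"src": resolved, "host": host,
                             "hidden": _looks_hidden(attrs)})
    return findings


# Constructed sample: a benign page with one legitimate same-site frame and
# two injected, invisible frames pointing at an off-site host.
SAMPLE_HTML = """
<html><body>
<h1>Welcome</h1>
<iframe src="/sermons/player.html" width="400" height="300"></iframe>
<iframe src="http://example.net/in.php" width="1" height="1"
        style="visibility: hidden"></iframe>
<iframe src="//example.net/x.html" style="display:none"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for hit in find_offsite_iframes(SAMPLE_HTML, "http://example.org/index.html"):
        print(hit)
```

Run it against a saved copy of the suspect page with the page's real URL; the legitimate media frame is ignored and only the two off-site, hidden frames are reported. In practice the off-site host is the exploit kit's landing page, so the reported `src` values are the indicators to block and to hand to the site owner.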

At the other end of the connection sits the Neosploit exploit kit, which fingerprints the victim's operating system and browser and then serves a PDF exploit against a vulnerable reader. Two social-engineering details carry the attack to its target: the specific $493.67 charge, which creates urgency, and the absence of an attachment, since users have learned to distrust attachment-laden messages but still tend to trust a plain link.

If the exploit succeeds, the victim is infected with a generic downloader that installs Trojan.Generic.KDV.57533, one of the many faces of the Zbot Trojan. Zbot is among the most insidious e-threats in circulation: it deploys keyloggers, intercepts traffic, hijacks e-banking transactions and spreads itself via e-mail or instant messaging services.

Users can mitigate this attack with a security solution that combines antispam, antiphishing and antimalware engines, such as BitDefender's Internet Security and Total Security suites. Because the exploit kit targets the PDF reader, keeping the reader and the browser fully patched also removes the path the kit relies on.

For your own safety, never click on links in messages from people you do not know. If you have any doubts about a card transaction, or if a message asks you to log in to see details about it, call the bank instead, using the number printed on your card rather than one taken from the message.

About the author


Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.