Kaspersky Lab Expert Dmitry Tarakanov warns that cybercrooks are spamming out bogus US Airways check-in emails in hopes of infecting the machines of gullible recipients with the popular ZeuS banking Trojan.
Here’s a sample email:
You can check in from 24 hours and up to 60 minutes before your flight (2 hours if you’re flying internationally). Then, all you need to do is print your boarding pass and head up to the gate.
Confirmation code: XXXXXX (random number)
Check-in online: Online reservation details
Departure city and time
Washington, DC (DCA) 10:00PM
Depart date: 4/5/2012
US Airways, 111 W. Rio Salado Pkwy, Tempe, AZ 85281, Copyright US Airways, All rights reserved
From what I can tell, the confirmation code in the email appears to be random; however, the departure city and time seem to be standard.
Clicking the ‘Online reservation details’ link will take you to a malicious third-party site hosting the widely used Blackhole exploit kit, which will attempt to exploit Java, Adobe Flash Player or Adobe Reader in order to deliver the ‘Gameover’ build of the ZeuS/Zbot Trojan.
All of this will happen quietly in the background as the user curiously stares at the lonely ‘Loading..’ text occupying the page.
Of course, once the malware makes its way onto your machine, it will begin stealing sensitive online banking information, which will then be uploaded to a remote server controlled by the attackers.
US Airways is aware of the bogus spam circulating and has posted a warning on their website and Facebook page. US Airways advises users to hover their mouse over the link to check the underlying URL, which will have ‘usairways.com’ as the domain name if it is legitimate.
If you receive the email and notice that the URL for the link doesn’t match, feel free to delete it.