SOURCE: BitDefender

September 17, 2008 11:03 ET

Malware Nets Major U.S. Air Carriers

Summertime Bogus e-Ticketing Scam Followed by Fake Messages Using Major Air Carriers' Identities

BUCHAREST, ROMANIA--(Marketwire - September 17, 2008) - BitDefender®, an award-winning provider of antivirus software and data security solutions, announced today the detection of a new round of spam campaigns aimed at individuals and purporting to deliver e-Tickets and invoices for a so-called "Buy Airplane Ticket Online" service. The messages carry the supposed e-Ticket as a .ZIP attachment; the archive contains no ticket, but an updated set of malware.

Similar in nature to the attacks launched earlier this summer, this attack capitalizes on the end of summer, the return to school and the desire to extend the nice weather or plan a late-year vacation. Most likely run by the same criminals, the campaign is a mass mailing that reuses "borrowed" airline flyers and adds further elements to entice the recipient into opening the .ZIP file.

Whereas the attack reported in July spoofed Jet Blue Airways' identity, this new round targets the major U.S. air carriers as well as other operators whose names include a cardinal point (north, south, east or west). Counterfeit messages have also been sent allegedly on behalf of operators focused on charter, regional or domestic-only services.
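For a mail gateway or an analyst triaging the lure described above, the following Python script is an added example (not BitDefender's code and not part of the original release). It inspects a ZIP attachment in memory and flags entries that are Windows executables, whether by extension, by a double extension such as .pdf.exe, or by a PE ("MZ") header hiding under a harmless-looking name. The archive it inspects is constructed inline to resemble the e-Ticket lure; the file names in it are hypothetical.

```python
import io
import zipfile

# Extensions Windows will run directly; a genuine e-Ticket or invoice never needs one.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".jse", ".wsf"}
# Document extensions commonly used as the "inner" part of a double extension.
DOCUMENT_EXTS = {".pdf", ".doc", ".txt", ".htm", ".html", ".rtf"}


def inspect_zip_attachment(data: bytes):
    """Return a list of (entry_name, reason) findings for a ZIP attachment held in memory.

    An empty list means nothing suspicious was found. Only the first two bytes of each
    entry are decompressed, so a large or deliberately inflated archive is cheap to check.
    """
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<archive>", "not a valid ZIP archive")]
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = info.filename
            base = name.lower().rsplit("/", 1)[-1]
            exts = ["." + p for p in base.split(".")[1:]]
            if exts and exts[-1] in EXECUTABLE_EXTS:
                findings.append((name, "executable extension " + exts[-1]))
            # Explorer hides known extensions by default, so "e-Ticket.pdf.exe" is shown
            # to the victim as "e-Ticket.pdf".
            if len(exts) >= 2 and exts[-2] in DOCUMENT_EXTS and exts[-1] in EXECUTABLE_EXTS:
                findings.append((name, "document extension masking executable"))
            with archive.open(info) as fh:
                magic = fh.read(2)
            # Every Windows PE executable starts with the DOS "MZ" signature,
            # whatever the entry is called.
            if magic == b"MZ":
                findings.append((name, "PE executable content"))
    return findings


def verdict(data: bytes) -> str:
    """Gateway decision: block the message if any finding was raised."""
    return "BLOCK" if inspect_zip_attachment(data) else "ALLOW"


def build_sample_attachment() -> bytes:
    """Constructed sample resembling the lure (hypothetical file names, not a real capture)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        # Minimal stand-in for a PE file: MZ signature, padding, then the PE signature.
        zf.writestr("e-Ticket.pdf.exe", b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"\x00" * 64)
        zf.writestr("flyer.txt", b"Buy Airplane Ticket Online - thank you for your order.\n")
    return buf.getvalue()


def build_benign_attachment() -> bytes:
    """Constructed control sample containing only a text flyer."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("flyer.txt", b"Buy Airplane Ticket Online - thank you for your order.\n")
    return buf.getvalue()


if __name__ == "__main__":
    for entry, reason in inspect_zip_attachment(build_sample_attachment()):
        print(f"{entry}: {reason}")
    print("verdict:", verdict(build_sample_attachment()))
```

The header check is the one that matters against renamed payloads: an attacker can call the entry anything, but Windows will only run it as a program if it starts with "MZ", so the content test catches what a name-based filter misses.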

The payload consists primarily of the tried and tested Trojan.Spy.Zbot.KJ and Trojan.Spy.Wsnpoem.HA (both detection names used for the Zeus/Zbot information-stealing Trojan family). Trojan.Injector.CH has also been detected in these attacks. The same Trojans were most recently employed in attacks involving major overnight delivery companies.

The Trojans in this campaign carry rootkit components that help them install and hide themselves on the compromised machine, in either the Windows or the Program Files directory. They inject code into several processes and add their own exceptions to the Microsoft® Windows® Firewall so that they can act as a backdoor and accept inbound connections. All of them send sensitive information off the machine and listen on several ports for commands from the remote attacker. They also attempt to connect to, and download files from, servers whose domain names appear to be registered in the Russian Federation.
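One host-side check that matches the firewall behaviour described above, as an added example rather than anything from BitDefender or the original release: on the Windows XP SP2-era firewall that was current in 2008, the per-program exceptions live under HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List, and an exported .reg file of that key can be diffed against a known-good baseline to surface exceptions a Trojan added for itself. The export and the baseline below are constructed; ticket_update.exe is a hypothetical name standing in for whatever the Trojan drops. Vista and later keep their rules in a different key (FirewallRules), so this parser does not apply there.

```python
# Constructed .reg export of the XP firewall exception list (not a real capture).
# One value per allowed program: "<path>"="<path>:<scope>:<Enabled|Disabled>:<display name>"
SAMPLE_REG_EXPORT = r'''
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\system32\\ticket_update.exe"="C:\\WINDOWS\\system32\\ticket_update.exe:*:Enabled:ticket_update"
'''

# Assumed known-good list taken from a clean build of the same image (constructed).
BASELINE = [
    r"%windir%\system32\sessmgr.exe",
    r"C:\Program Files\Messenger\msmsgs.exe",
]


def parse_authorized_apps(reg_text: str):
    """Parse exported AuthorizedApplications\\List values into dicts."""
    entries = []
    for line in reg_text.splitlines():
        line = line.strip()
        # Data lines look like "name"="value"; skip the header, key path and blank lines.
        if not line.startswith('"') or '"="' not in line:
            continue
        _name, _, raw = line.partition('"="')
        value = raw.rstrip('"').replace("\\\\", "\\")  # .reg exports double every backslash
        try:
            # Split from the right: the path itself contains "C:".
            path, scope, state, display = value.rsplit(":", 3)
        except ValueError:
            continue
        entries.append({"path": path, "scope": scope,
                        "enabled": state.lower() == "enabled", "name": display})
    return entries


def unexpected_exceptions(entries, baseline):
    """Return paths of enabled exceptions that are not in the known-good baseline."""
    known = {p.lower() for p in baseline}
    return [e["path"] for e in entries if e["enabled"] and e["path"].lower() not in known]


if __name__ == "__main__":
    for path in unexpected_exceptions(parse_authorized_apps(SAMPLE_REG_EXPORT), BASELINE):
        print("unexpected firewall exception:", path)
```

Any path this reports is worth pulling for analysis together with the process that owns it; a legitimate application adding an exception is possible, but a binary in the Windows or Program Files directory that the baseline has never seen is exactly the pattern the release describes.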

"Users should be aware that, without the appropriate security solution, the integrity of their systems is at an extremely high risk," said Sorin Dudea, Head of BitDefender® Antimalware Research. "The Trojans this new malware distribution campaign delivers and the high rate of infections prove once again not just the cybercriminals' ingenuity, but also the lack of interest the users show in terms of their systems' defense and sensitive data protection."

About BitDefender®

BitDefender is the creator of one of the industry's fastest and most effective lines of internationally certified security software. Since our inception in 2001, BitDefender has continued to raise the bar and set new standards in proactive threat prevention. Every day, BitDefender protects tens of millions of home and corporate users across the globe -- giving them the peace of mind of knowing that their digital experiences will be secure. BitDefender solutions are distributed by a global network of value-added distribution and reseller partners in more than 100 countries worldwide. More information is available on our security solutions' site.