Consider this the flight to nowhere.
Researchers have discovered a variant of the Zeus banking trojan circulating in emails that offer recipients a link to check in to a US Airways flight. Except this flight doesn't exist: It's a con to get unsuspecting users to install malware.
Dmitry Tarakanov, a Kaspersky Lab researcher, said in a blog post Tuesday that the attacks were detected on March 20 and remained consistent for at least a week.
The criminals behind the spam campaign are targeting travelers on US Airways flights by trying to lure them into clicking on a link supposedly offering "online reservation details," which includes check-in.
According to the blog post, several uniquely crafted emails were part of the campaign, but no matter their make-up, once a user clicks on the link contained within them, their computers are met with a number of redirects that lead to malicious code delivered via the Blackhole exploit kit.
The attacks take advantage of vulnerabilities in popular software -- either Java, Flash Player or Adobe Reader -- and ultimately result in a downloader installing the pernicious Zeus, or Zbot, trojan.
An undisclosed number of attacks have been reported by Kaspersky users in Russia, the United States, Italy, Germany and India.
A company spokesperson could not be reached for comment. A US Airways representative also could not be reached.
This article originally appeared at scmagazineus.com
Copyright © SC Magazine, US edition
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @itnews.com.au to your white-listed senders.