Air Canada Order Confirmation Email Contains Malicious URL

Dec 5, 2012

Fake Air Canada order confirmation emails contain a URL that downloads a malicious ZIP file. The email is sent from the spoofed address “Air Canada <tickets@aircanada.com>” and has the following body:

Dear Customer,
Your order has been successfully processed.
FLIGHT NUMBER TB8696CA
ELECTRONIC 75267302
DATE & TIME / DECEMBER 5, 2012, 10:30 AM
DEPARTING / Toronto
TOTAL PRICE / 375.12 CAD

Please download and print your ticket from the following URL : http://www.aircanada.com/aco/manageMyBookings.do?tid=TB7392CA&ticket_number=75267302
For more information regarding your order, contact us by visiting , visit : http://www.aircanada.com/en/customercare/index.html?orderid=75267302&ssid=1866
Thank you
Air Canada.

The embedded URL does not point the browser to the real website address but to hxxp://air-canada.org/tickets/ticketTB7392CA.zip. Extracting this archive yields the 175 kB file ticketTB7392CA.scr, a Windows screensaver file, which is an executable and not a ticket document.

The trojan is known as Trojan-Spy.Win32.Zbot.gtvm, Trojan.Zbot or Trojan.Agent/Gen-Festo.
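
The mismatch described above, where the link text shows aircanada.com while the link target is air-canada.org, can be checked mechanically in an HTML message body. The following Python is an added example, not part of the original post; the HTML sample is constructed from the URLs quoted above, and the function names and the extension list are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

RISKY_EXT = (".zip", ".scr", ".exe")  # assumption: extensions worth flagging

def refang(url):
    """Make a defanged hxxp:// URL parseable again (it is only parsed, never fetched)."""
    url = url.strip()
    return "http" + url[4:] if url.lower().startswith("hxxp") else url

def host_of(url):
    return (urlsplit(refang(url)).hostname or "").lower()

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def find_mismatched_links(html):
    """Flag links whose visible text is a URL on a different host than the href."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        text_is_url = refang(text).lower().startswith(("http://", "https://"))
        shown, actual = host_of(text), host_of(href)
        if text_is_url and shown != actual:
            path = urlsplit(refang(href)).path.lower()
            findings.append({"shown": shown, "actual": actual,
                             "risky_download": path.endswith(RISKY_EXT)})
    return findings

# Constructed sample: the visible text and the defanged target quoted in this post.
SAMPLE_HTML = ('<a href="hxxp://air-canada.org/tickets/ticketTB7392CA.zip">'
               'http://www.aircanada.com/aco/manageMyBookings.do?tid=TB7392CA'
               '&amp;ticket_number=75267302</a>')
```

Calling `find_mismatched_links(SAMPLE_HTML)` reports the shown host `www.aircanada.com`, the actual host `air-canada.org`, and marks the target as a risky download because of the `.zip` extension.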

 

