US Airways Spam Attack Discovered

 Analysis by: Jude Israel Bordallo

Trend Micro researchers intercepted spammed messages disguised as email from US Airways, a major airline service. The email informs the recipient of their flight schedule and gives them instructions on how to proceed to their appointed gate. The message goes on to list the user's supposed departure city, date and time, and confirmation code. Finally, the message contains a URL that allegedly leads to the user's online reservation details. Clicking the URL automatically downloads malicious files onto the user's system. Trend Micro detects these files as TROJ_PDFJSC.ADR, TSPY_ZBOT.AADR, and JAVA_EXPLCVE.RT.
 
Users should remain vigilant when receiving email from unknown senders.
 SPAM BLOCKING DATE / TIME: April 05, 2012 GMT-8
 TMASE INFO
  • ENGINE: 6.8
  • PATTERN: 8814