Breaking News
Loading...
» » » » » » Air Canada Order Confirmation Email Contains Malicious URL
Wednesday, 5 December 2012

Info Post

Fake Air Canada emails with order confirmation contains URL that downloads malicious ZIP file, email is send from the spoofed address “Air Canada <tickets@aircanada.com>” and has the following body:

Dear Customer,
Your order has been successfully processed.
FLIGHT NUMBER TB8696CA
ELECTRONIC 75267302
DATE & TIME / DECEMBER 5, 2012, 10:30 AM
DEPARTING / Toronto
TOTAL PRICE / 375.12 CAD
Please download and print your ticket from the following URL : http://www.aircanada.com/aco/manageMyBookings.do?tid=TB7392CA&ticket_number=75267302
For more information regarding your order, contact us by visiting , visit : http://www.aircanada.com/en/customercare/index.html?orderid=75267302&ssid=1866
Thank you
Air Canada.
The embedded URL does not points the browser to the real web site address but to hxxp://air-canada.org/tickets/ticketTB7392CA.zip. Once this file is extracted you will have the 175 kB large file ticketTB7392CA.scr.

The trojan is known as Trojan-Spy.Win32.Zbot.gtvm, Trojan.Zbot or Trojan.Agent/Gen-Festo.

 


Posted by at 21:50
Labels: , , , ,
Share:

1 comments:

  1. Unknown16 April 2022 at 19:01

    Air Canada Order Confirmation Email Contains Malicious Urlbit Coin Plus, Mine Bitcoins Android, Android Bitcoin Mining, Back Door Hack, Mining For Bitcoin >>>>> Download Now

    >>>>> Download Full

    Air Canada Order Confirmation Email Contains Malicious Urlbit Coin Plus, Mine Bitcoins Android, Android Bitcoin Mining, Back Door Hack, Mining For Bitcoin >>>>> Download LINK

    >>>>> Download Now

    Air Canada Order Confirmation Email Contains Malicious Urlbit Coin Plus, Mine Bitcoins Android, Android Bitcoin Mining, Back Door Hack, Mining For Bitcoin >>>>> Download Full

    >>>>> Download LINK jw

    ReplyDelete

Subscribe to: Post Comments (Atom)