FYI...

Airlines - infected ticket invoices...
Attachment contains same Trojan horse that stole 1.6M records from Monster.com last year
- http://preview.tinyurl.com/66ayhz
July 28, 2008 (Computerworld) - "Several airlines, including Delta Air Lines Inc. and Northwest Airlines Corp., have warned customers that bogus e-mails posing as ticket invoices contain malware and urged them to immediately delete the messages. A researcher at McAfee Inc. confirmed the campaign in a post to the company's blog*. The e-mails, which purport to be from an airline, thank the recipient for using a new "Buy flight ticket Online" service on the airline's site, provide a log-in username and password, and say the person's credit card has been charged an amount usually in the $400 range. An attachment claims to be the invoice for the ticket and credit card charge..."
* http://www.avertlabs.com/research/blog/ind...m-takes-flight/

More...
- http://www.f-secure.com/weblog/archives/00001477.html
July 30, 2008 - "... Today when we saw a large spam run sending out fake JetBlue etickets... The mail contains a ZIP file that contains the file eTicket#1721.exe which we detect as Trojan-Spy:W32/Zbot.QO. The malware itself tries to steal usernames and passwords to online banks..."
(Screenshot available at the F-secure URL above.)

- http://www.us-cert.gov/current/#airline_e_...et_email_attack
July 31, 2008



This post has been edited by AplusWebMaster: Aug 5 2008, 04:29 AM

FYI...

Treasury Optimizer - malware update
- http://blog.trendmicro.com/treasury-optimi...s-with-malware/
Aug. 30, 2008 - "Treasury Optimizer is an online banking tool offered by Capital One Bank which aims to provide secure access to business accounts on the Web, 24/7. Posed to replace electronic money or more popularly known as eCash, it offers to protect customers’ accounts through security features such as multifactor authentication. Unfortunately, their security offerings come short, as we receive bulks of phishing emails that “promote” the Treasury Optimizer. The phishing mail instructs the client to update their account due to a potential security risk that affects all of Capital One Bank products, including the Treasury Optimizer... The conventional phishing attack aims to capture users’ credentials through fake login pages spammed through email. For this attack however, the phishing link given in the phishing email leads to a page that does not ask for credentials, but tells the user to download a file instead. When the user clicks the link contained in the phishing email, the following spoofed Treasury Optimizer Web page is displayed... The page explains that the bank had to fix (the) vulnerability; and in order to fix it, the client MUST download the update. It even displays different download links for different operating systems. It will then download an .EXE file that poses as an installation setup... The downloaded file is detected by Trend Micro as TROJ_SMALL.MAT. This malware-enhanced phishing attack is neither the typical type of phishing attack, nor is it less dangerous. The scope of a phishing attack is usually limited; one account from a target organization compromised in every successful attack. But this phishing attack installs a malware on the affected user’s system instead, and then uses it to monitor users’ online activities, thus possibly disclosing more information..."

(Screenshots available at the URL above.)