FYI...

Airlines - infected ticket invoices...
Attachment contains same Trojan horse that stole 1.6M records from Monster.com last year
- http://preview.tinyurl.com/66ayhz
July 28, 2008 (Computerworld) - "Several airlines, including Delta Air Lines Inc. and Northwest Airlines Corp., have warned customers that bogus e-mails posing as ticket invoices contain malware and urged them to immediately delete the messages. A researcher at McAfee Inc. confirmed the campaign in a post to the company's blog*. The e-mails, which purport to be from an airline, thank the recipient for using a new "Buy flight ticket Online" service on the airline's site, provide a log-in username and password, and say the person's credit card has been charged an amount usually in the $400 range. An attachment claims to be the invoice for the ticket and credit card charge..."
* http://www.avertlabs.com/research/blog/ind...m-takes-flight/

More...
- http://www.f-secure.com/weblog/archives/00001477.html
July 30, 2008 - "... Today when we saw a large spam run sending out fake JetBlue etickets... The mail contains a ZIP file that contains the file eTicket#1721.exe which we detect as Trojan-Spy:W32/Zbot.QO. The malware itself tries to steal usernames and passwords to online banks..."
(Screenshot available at the F-secure URL above.)

- http://www.us-cert.gov/current/#airline_e_...et_email_attack
July 31, 2008



This post has been edited by AplusWebMaster: Aug 5 2008, 04:29 AM

FYI...

More Malicious SPAM from Pushdo...
- http://www.marshal.com/TRACE/traceitem.asp...hesection=trace
March 18, 2009 "...
> Phishing - Pushdo is currently one of the major botnets responsible for sending Phishing spam. For the past few weeks, it has been targeting Paypal, USBank and Fifth Third Bank customers to lure users into opening links from spam and logging on to a legitimate looking websites... More recently, a Bank Of America spam attack was caught by our spam traps - again sent by Pushdo. The email tells you that the automatic installation of a Bank of America certificate failed and needs manual installation. Opening the link from the message body will open a website that provides an "instruction video" on how to install the "certificate". Of course, it needs "Adobeflashplayer.exe" to view it. But please be wary, the executable file is a password stealing Trojan horse...
> Social Networking website brands like Classmates and Facebook are also used by Pushdo. Its modus operandi is to send you a fake video invitation. Upon opening the URL link the website will require you to download a fake video codec or flash version which, again, is actually a Trojan Horse...
> Malicious Attachments - Pushdo is one of the few botnets that regularly distibutes spam with malicious attachments. Themes vary, but recent themes include fake invoices and airline ticket confirmations. The email usually asks you to open a ZIP-compressed attachment for you to print. The .ZIP attachment contains a password stealing Trojan Horse that hides its appearance by using a Microsoft Excel icon...
> Scams - Our spam traps also receive scam emails offering part-time and remote employment. Pushdo uses variations of subject lines like:
• Experience employment: Manager (Remote, part-time vacancy; 2500 USD/month)
• Experience long-term employment: Accountant (Remote, part-time vacancy; 2500 USD/month)
• Part time Manager (Remote vacancy; 2500 USD/month)
• Newly opening Accountant (Remote, part-time vacancy; 2500 USD/month)
• Experience employment: Accountant (Remote, part-time vacancy; 2500 USD/month)
> Valentine's Day Theme - And lastly, approximately 20% of the spam Pushdo currently sends is still using a Valentine's Day theme. At least for this botnet, everyday is Valentine's day..."

(Screenshots available at the URL above.)