FYI...

Airlines - infected ticket invoices...
Attachment contains same Trojan horse that stole 1.6M records from Monster.com last year
- http://preview.tinyurl.com/66ayhz
July 28, 2008 (Computerworld) - "Several airlines, including Delta Air Lines Inc. and Northwest Airlines Corp., have warned customers that bogus e-mails posing as ticket invoices contain malware and urged them to immediately delete the messages. A researcher at McAfee Inc. confirmed the campaign in a post to the company's blog*. The e-mails, which purport to be from an airline, thank the recipient for using a new "Buy flight ticket Online" service on the airline's site, provide a log-in username and password, and say the person's credit card has been charged an amount usually in the $400 range. An attachment claims to be the invoice for the ticket and credit card charge..."
* http://www.avertlabs.com/research/blog/ind...m-takes-flight/

More...
- http://www.f-secure.com/weblog/archives/00001477.html
July 30, 2008 - "... Today when we saw a large spam run sending out fake JetBlue etickets... The mail contains a ZIP file that contains the file eTicket#1721.exe which we detect as Trojan-Spy:W32/Zbot.QO. The malware itself tries to steal usernames and passwords to online banks..."
(Screenshot available at the F-secure URL above.)

- http://www.us-cert.gov/current/#airline_e_...et_email_attack
July 31, 2008



This post has been edited by AplusWebMaster: Aug 5 2008, 04:29 AM

FYI...

Malicious iFrame on Gadgetadvisor.com
- http://www.f-secure.com/weblog/archives/00001687.html
May 22, 2009 - "Are you a gadget geek? Do you often seek advice from Gadget Advisor before making a purchase? Our Web Security Analyst discovered a malicious IFrame on the popular tech website that redirects visitors to a malicious website... If the site detects a PDF browser plugin for Adobe Acrobat and Reader, it loads a specially-crafted malicious PDF file that exploits a stack-based buffer overflow vulnerability ( http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-2992 ). The net effect of the attack is to plant a trojan, detected as Trojan-Downloader.Win32.Agent.brxr, on vulnerable systems by calling the util.printf JavaScript function, which connects back to the malicious website in order to download the trojan to the machine. A remote attacker can access the user's machine once it has been infected with the trojan... This attacks is targeted against older, unpatched version of Adobe programs, as the latest Adobe updates have already fixed this problem. More information and the updates can be found at Abobe at:
http://www.adobe.com/support/security/bull.../apsb08-19.html. Disabling the JavaScript function in Acrobat and Reader will also prevent the threat from proceeding."

(Screenshot available at the F-secure URL above.)