ZBot trojan attached to flight ticket confirmation
I just received the following email message in my inbox:
Your login: israel@leichtman.net Your password: passR5AW
Your credit card has been charged for $601.66. We would like to remind you that whenever you order tickets on our website you get a discount of 10%!
Attached to this message is the purchase Invoice and the airplane ticket. To use your ticket, simply print it on a color printed, and you are set to take off for the journey!
Kind regards, Southwest Airlines
If you get such an email DO NOT OPEN THE ATTACHMENT
Subject:Your Online Flight Ticket N 49444
Greetings, Thank you for using our new service "Buy airplane ticket Online" on our website. Your account has been created:Your login: israel@leichtman.net Your password: passR5AW
Your credit card has been charged for $601.66. We would like to remind you that whenever you order tickets on our website you get a discount of 10%!
Attached to this message is the purchase Invoice and the airplane ticket. To use your ticket, simply print it on a color printed, and you are set to take off for the journey!
Kind regards, Southwest Airlines
If you get such an email DO NOT OPEN THE ATTACHMENT
Attachments are .zip files with filename E-ticket_N7399294.zip (random number) with inside a E-ticket_N7399294_and_Invoice_for_N73992943442.exe.
On an infected computer the trojan will create a new files like %System%\ntos.exe, %System%\wsnpoem\audio.dll, %System%\wsnpoem\video.dll and creates a new directory %System%\wsnpoem.
It also adds and modifies entries in the Windows registry and make connection with a server for http://*********.ru/alaska/alaska.bin. It opens random TCP ports in order to provide backdoor capabilities.
posted by lnacomp @ 10:29 PM
0 Comments:
Post a Comment
<< Home