A gift from ZeuS for passengers of US Airways
On 20 March, we detected a spam campaign targeting passengers of US Airways. Almost the entire week cybercriminals were sending users the following email allegedly from US Airways:
There is a brief description of the check-in procedure and a confirmation code is provided for online reservation.
The criminals are obviously banking on any recipients flying on the flight mentioned in the email clicking on the link “Online reservation details”.
Different emails contained different links – for example, we noticed the following domains: sulichat.hu, prakash.clanteam.com, panvelkarrealtors.com.
After clicking the link a series of redirects eventually leads to a domain hosting BlackHole Exploit Kit.