Analysis by: Mary Jen Sen Chua

Spammers often spoof online transactions to lure victims. This spammed message copies an Air Canada booking notification, which asks the recipient to download and print their purchased ticket.

A link in the message redirects to a malicious download site that delivers a variant from the ZEUS malware family. ZEUS variants have rootkit capabilities, creating hidden folders to avoid discovery. They are known to monitor users' Web browsing activities, using browser window titles or address bar URLs as triggers for their attacks. They steal account information from online services such as online banking, social networking, and e-commerce sites.

The mail and the malware are already detected and blocked by Trend Micro products. Users should refrain from clicking links or downloading files from messages they do not expect to receive, even when these appear to come from legitimate sources.

 SPAM BLOCKING DATE / TIME: April 14, 2013 GMT-8
 TMASE INFO
  • ENGINE:7.0
  • PATTERN:9796