- Jan 24, 2011
- 9,378
Flight includes beverages, food and a Trojan horse on the house
A new medium-size spam wave is threatening credit card users who are frequently flying with one of Germanyâs most famous airline carriers. The fraud scheme is based on the already classical approach that tells the user they have been charged for a service they havenât ordered.
Spam message inviting the victim to visit their link to see where they are going to fly.
Should the user want to see what exactly happened to the $493.67 allegedly withdrawn from their card, they have to click on the link provided into the spam message. The embedded URL takes them to a specially-crafted page hosted on a religious website that has probably been hacked into. This HTML page is rigged with iframes which will try to load extra content from outside the domain.
At the other end of the connection, there is the Neosploit toolkit trying to guess the userâs operating system, browser type and run a PDF exploit against the unsuspecting victim. The attack relies on two key components to reach its target: the first one is the alleged $493.67 sum withdrawn from the account, and the second is the lack of attachments since the user may perceive an attachment-rigged message as potentially threatening.
Read more
A new medium-size spam wave is threatening credit card users who are frequently flying with one of Germanyâs most famous airline carriers. The fraud scheme is based on the already classical approach that tells the user they have been charged for a service they havenât ordered.
Spam message inviting the victim to visit their link to see where they are going to fly.
Should the user want to see what exactly happened to the $493.67 allegedly withdrawn from their card, they have to click on the link provided into the spam message. The embedded URL takes them to a specially-crafted page hosted on a religious website that has probably been hacked into. This HTML page is rigged with iframes which will try to load extra content from outside the domain.
At the other end of the connection, there is the Neosploit toolkit trying to guess the userâs operating system, browser type and run a PDF exploit against the unsuspecting victim. The attack relies on two key components to reach its target: the first one is the alleged $493.67 sum withdrawn from the account, and the second is the lack of attachments since the user may perceive an attachment-rigged message as potentially threatening.
Read more
