Airlines are the current darlings of malware and phishing gangs, with several campaigns using airline-related themes. The most recent attack attempts to extract the username/password combinations of Brazilian airline TAM frequent flyers. The email promises free miles upon entry of a promotional code. Email and translation follow:
Email text
TAM Fidelidade.
Parabns você acaba de ser sorteado com 10.000 pontos milhas TAM Fidelidade.
O seu código promocional é:
602H4NBS884588203
Insira o código no link abaixo para confirmar o crédito de 10.000 milhas em sua conta fidelidade
Translation:
Congratulations you’ve just been drawn with 10,000 miles TAM Loyalty points.
Your promotional code is:
602H4NBS884588203
Enter the code on the link below to confirm the credit of 10,000 miles in your account loyalty.
After the operation, wait for 48 hours for credit.
We are available to answer any questions.
Sincerely,
The links lead to a very colorful, animated site where the promotional code can be entered:
Once the code is entered, victims are asked for their genuine username and password as confirmation. The Phishers can then use the Star Alliance points to purchase airline tickets and other goodies worldwide.
The phishing attack follows (unrelated – except for the airline theme)) continued use of phony American Airlines tickets to distribute malware.
The links in the follow the pattern of the phony AT&T wireless emails distributed last week. One example:
http://authorsinn.com/9ZT4-YfA/index.html
The elaborate scripts on the destination sites are reportedly aimed at downloading the Zeus Trojan.