Fake Jetblue eTickets	Posted by Patrik @ 21:32 GMT

The most common way a person gets infected these days is through drive-by downloads, and while the prevalence of malicious e-mail attachments has definitely gone down, we still see them on a daily basis. Such as today when we saw a large spam run sending out fake JetBlue etickets.

The message contains a ZIP file that itself contains the file eTicket#1721.exe, which we detect as Trojan-Spy:W32/Zbot.QO. The malware itself attempts to steal usernames and passwords to online banks.

I guess we can call this way of spreading malware "old school"…