Bogus airline charge leads to Zeus Trojan

A recent spam campaign is targeting frequent users of a popular German airline carrier, baiting them with a exorbitant bogus fee that has apparently been charged to their credit card:

Puzzled by the claim, the potentials victims are likely to follow the provided link to see what exactly is going on and why are they being charged $493.67 for services they haven’t ordered. Unfortunately for them, the URL leads to a page hosted on a compromised religious website that contains a number of iframes which try to load additional content from outside the domain.

At the other end of the connection, there is the Neosploit toolkit trying to guess the user’s operating system, browser type and run a PDF exploit against the unsuspecting victim,” says BitDefender.” If it succeeds, a generic downloader which subsequently downloads a variant of the information-stealing Zeus Trojan is installed.

Users are reminded to avoid clicking on links in unsolicited e-mails and, if they want to check the claims, to contact the company or their bank directly.