Airlines are the current darlings of malware and phishing gangs, with several campaigns using airline-related themes. The most recent attack attempts to extract the username/password combinations of Brazilian airline TAM frequent flyers. The email promises free miles upon entry of a promotional code. Email and translation follow:
Parabns você acaba de ser sorteado com 10.000 pontos milhas TAM Fidelidade.
O seu código promocional é:
Insira o código no link abaixo para confirmar o crédito de 10.000 milhas em sua conta fidelidade
Congratulations you’ve just been drawn with 10,000 miles TAM Loyalty points.
Your promotional code is:
Enter the code on the link below to confirm the credit of 10,000 miles in your account loyalty.
After the operation, wait for 48 hours for credit.
We are available to answer any questions.
The links lead to a very colorful, animated site where the promotional code can be entered:
Once the code is entered, victims are asked for their genuine username and password as confirmation. The Phishers can then use the Star Alliance points to purchase airline tickets and other goodies worldwide.
The phishing attack follows (unrelated – except for the airline theme)) continued use of phony American Airlines tickets to distribute malware.
The links in the follow the pattern of the phony AT&T wireless emails distributed last week. One example:
The elaborate scripts on the destination sites are reportedly aimed at downloading the Zeus Trojan.