German internet users should be on their guard today, after malware was widely spammed out posing as a flight confirmation from Lufthansa.
Of course, the emails don't really come from Lufthansa - but it's likely that some internet users will have been duped into clicking on the attachment, even if they aren't planning to travel anywhere, out of sheer curiosity.
The attached ZIP file contains a file called Flugsheindetails.PDF.exe, clearly named in an attempt to trick the unwary into believing it is a PDF.
Running the program installs its malicious code onto the computer, disguising itself as svchost.exe to allay the suspicions of anyone checking the list of running processes. A Registry key of SunJavaUpdateSched is also set.
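As an added example (not part of the original article), a mail-gateway style check in Python that lists ZIP members whose real extension is executable but whose preceding extension imitates a document, as with the attachment above. It also covers the whitespace-padded variant of the same trick; the extension lists and all sample names other than the one reported in the article are assumptions.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed lists: extensions Windows will execute, and document types used as decoys.
EXECUTABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DECOY = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def deceptive_members(zip_bytes):
    """Return names of ZIP members whose final extension is executable
    but whose preceding extension imitates a document type."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Member names may carry a path; only the last component matters.
            name = PurePosixPath(info.filename.replace("\\", "/")).name
            # Strip whitespace padding used to push the real extension out of view.
            parts = [p.strip().lower() for p in name.split(".")]
            if len(parts) < 3:
                continue
            last, prev = "." + parts[-1], "." + parts[-2]
            if last in EXECUTABLE and prev in DECOY:
                flagged.append(info.filename)
    return flagged


def build_sample_zip(names):
    """Build an in-memory ZIP with harmless placeholder content (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip([
        "Flugsheindetails.PDF.exe",   # name reported in the article
        "itinerary.pdf",              # constructed benign name
        "docs/report.pdf      .exe",  # constructed whitespace-padded variant
        "setup.exe",                  # constructed: executable, but not disguised
    ])
    for name in deceptive_members(sample):
        print("deceptive double extension:", name)
```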