"Miles & More" scam e-mail

[lnixon]

Interesting, I think this is the first time I've seen an FF program targetted by these kinds of scams. I received this yesterday:

Quote:

From: "Miles & More"<noreply@milesandmore.com>
Subject: Your booking confirmation
To: undisclosed-recipients:;
X-Spam-Flag: YES
X-Sent: 22 hours, 8 minutes, 26 seconds ago
X-Bogosity: Spam, tests=bogofilter, spamicity=1.000000, version=1.2.2

Thanks for the purchase!

Booking number: LVSN50
Your credit card has been charged for $493.67.

Please print PASSENGER ITINERARY RECEIPT by logging into your Miles account
by clicking the link below:

http://www.miles-and-more.com

On board you will be offered:
– Beverages;
– Food;
– Daily press.

You are guaranteed top-quality services and attention on the part of our benevolent personnel.
We recommend you to print PASSENGER ITINERARY RECEIPT and take it alone to the airport.
It will help you to pass control and registration procedures faster.

See you on board!

Best regards,
Miles & More

Of course, the link in the HTML e-mail does not actually point to miles-and-more.com, but to a hijacked server in Argentina.

[olm022]

You've got PM.

[weero]

If you log in and don't get the "der Zentralrechner ist zur Zeit nicht erreichbar..." intro, then you know it's something fishy.

Did you give it a try? What are they after? Simply the M&M login? Sounds like yet another looser scam.

[lnixon]

Quote:

Originally Posted by weero

If you log in and don't get the "der Zentralrechner ist zur Zeit nicht erreichbar..." intro, then you know it's something fishy.

Did you give it a try? What are they after? Simply the M&M login? Sounds like yet another looser scam.

The link I got was already dead.

However, according to other reports, like http://news.softpedia.com/news/Fake-...d-177840.shtml it's a drive-by attack. If you click on the link in the scam e-mail and you are running an unpatched Windows system, your computer will be compromised, and you will assimilated into the Zeus botnet: https://secure.wikimedia.org/wikiped...rojan_horse%29

[weero]

Quote:

Originally Posted by lnixon

The link I got was already dead..

for trying .

[lnixon]

Quote:

Originally Posted by weero

for trying .

I poked it gently with a stick. From a Linux system.

[weero]

Quote:

Originally Posted by lnixon

I poked it gently with a stick. From a Linux system.

It is very tempting indeed.

So you reckon that the exploit could have been dangerous even when not using Outlook?

[lnixon]

Quote:

Originally Posted by weero

It is very tempting indeed.

So you reckon that the exploit could have been dangerous even when not using Outlook?

I'm pretty sure the attack targetted IE; visit the page with an out-of-date browser - *blam*.

[weero]

Quote:

Originally Posted by lnixon

I'm pretty sure the attack targetted IE; visit the page with an out-of-date browser - *blam*.

An out of date IE you mean.

With a 2 year old Opera you'd probably be just fine ...

[zara]

Quote:

Originally Posted by weero

It is very tempting indeed.

So you reckon that the exploit could have been dangerous even when not using Outlook?

According to this article here, it was Neosploit trying to exploit a 0day in Adobe Acrobat (as always...)

[lnixon]

Quote:

Originally Posted by zara

According to this article here, it was Neosploit trying to exploit a 0day in Adobe Acrobat (as always...)

Yeah, that's the other big contender.