By Dancho Danchev

Cybercriminals are currently spamvertising tens of thousands of emails impersonating American Airlines, in an attempt to trick its customers into thinking that they’ve received a download link for their e-ticket. Once users download and execute the malicious attachment, their PCs automatically join the botnet operated by the cybercriminal or gang of cybercriminals behind the campaign.

More details:

Sample screenshot of the spamvertised email:


Sample compromised URLs participating in the campaign:

Detection rate for the malicious executable: MD5: f17ee7f9a0ec3d7577a148ae79955d6a – detected by 10 out of 46 antivirus scanners as Mal/Weelsof-D

Once executed, the sample phones back to the following C&C servers:

Webroot SecureAnywhere users are proactively protected from this threat.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.
