Fake JetBlue eTickets come with malware

The most common way a user gets infected these days is through drive-by downloads and while the prevalence of malicious email attachments definately has gone down, this trend is still seen on a daily basis. For instance yesterday, F-Secure experts identified a large spam run sending out fake JetBlue etickets.

The mail contains a ZIP file that contains the file eTicket#1721.exe which we detect as Trojan-Spy:W32/Zbot.QO. The malware itself tries to steal usernames and passwords to online banks.