TrojanDownloader.Kuluoz.ab is a Trojan downloader that arrives in users' inboxes as an email pretending to be from the airline American Airlines, regarding purchased tickets.
The email body contains a link to download a copy of the purchased electronic tickets. If a user clicks on the embedded “Download It” link, the user will be redirected to the site: hxxp://virgines.xxxx-zhytomxx.com.ua/images/index.php?ticket=862_410524
After the user is redirected to the website, the Trojan downloads the zip file "AA_ETicket.zip"; this archive contains an executable file. When the executable is run, it drops a copy of itself at the following location: %userprofile%\Local Settings\Application Data\[random_name].exe
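The two artifacts described above (a ZIP that carries an executable, and an .exe dropped directly in the Application Data root) can be checked for during triage. The following is an added example, not part of the original advisory or Thirtyseven4's detection logic; the Windows XP profile layout, the function names and the sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Assumption: %userprofile% follows the Windows XP layout implied by "Local Settings".
# Matches an .exe sitting directly in the Application Data root (no vendor subfolder).
DROP_RE = re.compile(
    r"^[A-Z]:\\Documents and Settings\\[^\\]+"
    r"\\Local Settings\\Application Data\\[^\\]+\.exe$",
    re.IGNORECASE,
)
EXEC_EXT = (".exe", ".scr", ".com", ".pif")


def is_drop_path(path):
    """True if path matches the drop location pattern from the advisory."""
    return DROP_RE.match(path) is not None


def executable_members(zip_bytes):
    """Names of archive members that are executables by header or extension."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            try:
                with zf.open(info) as fh:
                    magic = fh.read(2)  # DOS/PE files start with "MZ"
            except RuntimeError:  # encrypted member: fall back to the name
                magic = b""
            if magic == b"MZ" or info.filename.lower().endswith(EXEC_EXT):
                hits.append(info.filename)
    return hits


def build_sample_zip():
    """Constructed, harmless archive: stub bytes only, no real code."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed sample")
        zf.writestr("constructed_sample.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("ticket.pdf", b"MZ" + b"\x00" * 62)  # renamed executable
    return buf.getvalue()


if __name__ == "__main__":
    print(executable_members(build_sample_zip()))
    print(is_drop_path(r"C:\Documents and Settings\alice\Local Settings"
                       r"\Application Data\qwzkpt.exe"))
```

Both checks are triage signals rather than verdicts: the header check catches an executable renamed to a document extension, and the path check ignores executables installed in a subfolder of Application Data.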
Please note: Thirtyseven4 Antivirus is up to date against this threat, and the Thirtyseven4 Browser Protection module has been updated to proactively block further access to this domain and all sub-domains.
Below are example screenshots: