Fake message tells travelers they have been upgraded and are invited to check the flight information attached. Email attachment contains a Trojan (identified by Bitdefender as Trojan.Downloader.JQCM) Trojan downloads another malicious piece of code (Trojan.genericKD.1328431) to steal login credentials and passwords. Crooks appear utterly interested in new FTP accounts because the code comprises a huge list of FTP clients, including FAR, CuteFTP, FlashFXP, Bullet Proof FTP, SmartFTP and SecureFX.”]