Airline invoices and e-tickets - Fake malware versions circulating - Security Protection

Common Tasks

Community

Email Notifications

Personal Links

Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Airline invoices and e-tickets - Fake malware versions circulating

Travel The recent fake UPS bills have been adapted to appear like legitimate invoices and e-tickets a customer might expect to receive by email. Folks who have recently purchased e-tickets recently, should be especially careful.

Airline invoices and e-tickets - Fake malware versions circulating
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9110883
http://www.spyware-techie.com/genericdownloaderab-trojan-found-in-fake-invoice-and-airline-e-ticket-emails/
http://www.avertlabs.com/research/blog/index.php/2008/07/25/invoice-spam-takes-flight/
http://www.avertlabs.com/research/blog/index.php/2008/07/24/fake-invoice-spam-carries-malware/

QUOTE: The e-mails, which purport to be from an airline, thank the recipient for using a new "Buy flight ticket Online" service on the airline's site, provide a log-in username and password, and say the person's credit card has been charged an amount usually in the $400 range. An attachment claims to be the invoice for the ticket and credit card charge.

However, the .zip file format attachment is a Trojan horse that steals information, including keystrokes, from the infected Windows PC and transmits that data to a server hosted in Russia, according to McAfee threat researcher Craig Schmugar.

EMAIL MESSAGES TO AVOID

These messages may appear in following general format:

From: [name] [airline_name] Airlines
Subject: Your order from {airlines} [number]
or
Online order for flight ticket [number]

Hello, Thank you for using our new service “Buy airplane ticket Online” on our website. Your account has been created:

Your login: [characters]
Your password: [characters]

Your credit card has been charged for $[number in the $400 range]
We would like to remind you that whenever you order tickets on our website you get a discount of 10%! Attached to this message is the purchase Invoice and the flight ticket. To use your ticket, simply print it on a color printed, and you are set to take off for the journey!

Kind regards,
[name]
[airline]

Attachment: E-ticket_[number].zip (containing an executable, which may have a Word document icon)

Posted: Jul 29 2008, 08:18 PM by Harry Waldron | with 3 comment(s)

Comments

donna said:

My husband recently sent that to me at work and I openned it. I have just purchased airline tickets and thought it had to do with that. Unaware it was a virus..How do i get rid of it??

desperate

# July 30, 2008 5:37 PM

Brinley said:

google Malwarebytes

its a free spyware programme but only one that i found that can remove it

with out having to removie it manualy

i had this in our company

# August 21, 2008 10:54 AM

tickets airline said:

I was also happened to me, I've got e'ticket from my company to go to my country. It was messed up. the plane had already gone

# May 12, 2009 10:26 AM

Questions? Contact Susan at Susan-at-msmvps.com. Each post's copyright held by the original author. All rights reserved. Blog site is an independent site not sponsored by Microsoft.
Our servers would like to thank www.ownwebnow.com and www.exchangedefender.com. We wouldn't be here without the generosity of Vlad Mazek and his companies.

Powered by Community Server (Commercial Edition), by Telligent Systems

Theme based on the Paperclip Blog Theme included in Community Server.
Enhanced to a Site-Wide Theme by Interscape Technologies.