Email malware flying high

Cybercriminals are spamming out a new malicious email campaign, with messages posing as airline tickets.

In an attack similar to the contract malware we saw earlier this week and last week, the dangerous messages have a ZIP file attached (in this case named print-ticket.zip) which, if opened, will infect Windows users with a Trojan horse.

The emails claim that the recipient has registered an account with a well-known airline and that their credit card has been debited for hundreds of dollars.

Here is a typical example of one of the emails:

[Image: Malicious email pretending to be from US Airways]

As well as US Airways, malicious emails have also been seen pretending to come from the likes of Virgin America, Sun Country Airlines, Delta Airlines, JetBlue Airways, Spirit Airlines, Hawaiian Airlines, AirTran Airways, Alaska Airlines, Northwest Airlines, Frontier Airlines, USA3000 Airlines, Midwest Airlines, American Airlines and Continental Airlines.

The danger is that if you receive an email claiming that your credit card has been stung without your permission, you may rush to open the file for more information without engaging your brain first. These hackers are relying on the red mist of fury to blind you to common sense.

You should always be suspicious of unsolicited email attachments, and keep your anti-virus software up-to-date. Sophos detects the malware in this latest campaign as Troj/Invo-Zip and Mal/EncPk-GH.
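One way a mail gateway or triage script could act on that advice, as an added example (not Sophos's detection logic and not code from the original post): it opens each ZIP attachment and lists any members with runnable Windows extensions. The extension list, the sample message and the member names are assumptions constructed for illustration; the post does not say what print-ticket.zip contained.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: extensions a gateway would treat as directly runnable on Windows.
RUNNABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")

def risky_zip_members(raw_message: bytes) -> dict:
    """Map each ZIP attachment name to the runnable-looking files inside it."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        # Trust the content, not the filename: ZIP data starts with "PK".
        if not data.startswith(b"PK"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                hits = [m for m in zf.namelist()
                        if m.lower().endswith(RUNNABLE_EXTS)]
        except zipfile.BadZipFile:
            hits = ["<unreadable archive>"]  # quarantine rather than pass through
        if hits:
            findings[name] = hits
    return findings

def build_sample(member_name: str) -> bytes:
    """Constructed sample message: harmless bytes inside a ZIP attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"harmless placeholder bytes")
    msg = EmailMessage()
    msg["From"] = "tickets@airline.example"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Your ticket order"
    msg.set_content("Your credit card has been charged. See the attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="print-ticket.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(risky_zip_members(build_sample("ticket.exe")))  # flagged
    print(risky_zip_members(build_sample("ticket.pdf")))  # not flagged
```

A check like this complements anti-virus scanning rather than replacing it: it catches only the archive-with-runnable-member pattern, not password-protected or nested archives.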

This isn't the first time that hackers have disguised their malware as airline tickets. For instance, back in the middle of 2008 there was a widespread campaign using a similar tactic. We made a movie at the time showing how the labs were able to protect against it.

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations.