The Northwest Airlines malware attack


We're seeing a Trojan horse being widely spammed out at the moment posing as an email from Northwest Airlines.

The emails have the following characteristics:

From: "Northwest Airlines" <tickets@nwa.com>
Subject line: E-ticket #<randomnumber>
Attached file: Your_ETicket.zip or eTicket.zip

Message body:

Hello!

Thank you for using our new service "Buy Northwest Airlines ticket Online" on our website.
Your account has been created:

Your login: <email address>
Your password: <password>

Your credit card has been charged for $XXX.XX.
We would like to remind you that whenever you order tickets on our website you get a discount of 10%!
Attached to this message is the purchase Invoice and the Northwest Airlines ticket.
To use your ticket, simply print it on a color printed, and you are set to take off for the journey!

Kind regards,
<name>
Northwest Airlines

The amount that your credit card has allegedly been charged, the password, and the name that signs off at the end of the email appear to change each time.

Example of infected email

The file Your_ETicket.zip doesn't contain a genuine electronic ticket of course, and your credit card has not been charged. The hackers are hoping that you will be so affronted at being charged for an airline flight that you haven't booked that you will open the attachment without thinking.

Clicking on the attachment is not a good idea, however, as it contains the Troj/Agent-IPS Trojan horse.

Of course, there is nothing stopping the hackers from using other airline names as well, so don't make the mistake of thinking that emails apparently from Northwest Airlines are the only ones to be cautious about.
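Because the sender name is easy to change, a mail filter is better keyed on the other traits listed above. The following is an added example, not part of the original post: a Python check whose function names, sample messages and "attachment plus one more trait" threshold are all assumptions made for illustration.

```python
import re
from email.message import EmailMessage

# Traits taken from the campaign description above. The sender is deliberately
# not checked, because the airline name is trivial to swap.
SUBJECT_RE = re.compile(r"^E-ticket #\d+$", re.IGNORECASE)
ATTACHMENT_NAMES = {"your_eticket.zip", "eticket.zip"}
BODY_RE = re.compile(r"credit card has been charged", re.IGNORECASE)

def matched_traits(msg):
    """Return the set of campaign traits found in a parsed message."""
    traits = set()
    if SUBJECT_RE.match((msg.get("Subject") or "").strip()):
        traits.add("subject")
    for part in msg.walk():
        filename = (part.get_filename() or "").lower()
        if filename in ATTACHMENT_NAMES:
            traits.add("attachment")
        elif part.get_content_type() == "text/plain" and not filename:
            if BODY_RE.search(part.get_content()):
                traits.add("body")
    return traits

def is_suspicious(msg):
    """Flag a ZIP with a campaign file name plus one more matching trait."""
    traits = matched_traits(msg)
    return "attachment" in traits and len(traits) >= 2

def build_sample(sender, subject, body, attachment_name):
    """Construct a test message; the attachment bytes are a harmless stub."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["Subject"] = subject
    msg.set_content(body)
    msg.add_attachment(b"stub", maintype="application", subtype="zip",
                       filename=attachment_name)
    return msg

# Constructed samples: a lookalike using another (made-up) airline name, and
# an ordinary message that happens to carry a ZIP.
LOOKALIKE = build_sample('"Example Air" <tickets@airline.example>',
                         "E-ticket #0000000000",
                         "Your credit card has been charged for $XXX.XX.",
                         "eTicket.zip")
BENIGN = build_sample("colleague@corp.example", "Quarterly figures",
                      "Figures attached as discussed.", "figures.zip")
```

Requiring a second trait keeps a legitimate attachment that merely shares the file name from being flagged on its own.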

This technique of posing as an air ticket isn't a new one. Cybercriminals tried a similar scam early last month, and back in the middle of 2008 there was a widespread campaign using a similar tactic. We made a movie at the time showing how the labs were able to protect against it.

As has been said many times before, you need to be extremely cautious of unsolicited email attachments. Always think before you click, or you could be putting your computer at risk of infection.


About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.