Charter flight reservation emails carry dangerous malware payload


Once again, email users are being reminded to be wary of unsolicited email attachments - as a criminal gang spams out an attack designed to infect Windows computers.

The emails, which all have a subject line of "Charter flight reservation", claim to be related to the reservation of a charter flight for multiple people.

However, attached to the emails is a file called Report-D9935.zip that contains malware.

Malicious email


Just as with another malware campaign seen this week, the messages can vary and spelling mistakes appear to have been deliberately and semi-randomly included in an attempt to avoid detection by rudimentary filters.

Here is a small sample of the many different message bodies that we have seen:

Please confirm your resrevation of charter flight.
Your secreatry has reserved a charter flight for 55 persons. We have caluclate a price for rent this trip with a Airbus A320 aircraft. More informaiton you can get from attached booklet.

Please confirm your rseervation of charter flight.
Your secrteary has reserved a charter flight for 9 persons. We have claculate a price for rent this trip with a Dassault Falcon 7X CS-DSA aircraft. More infromation you can get from attached booklet.

Please confirm your reseravtion of charter flight.
Your secreatry has reserved a charter flight for 9 persons. We have calcluate a price for rent this trip with a Learjet 60 aircraft. More infromation you can get from attached booklet.
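The point above about semi-random misspellings slipping past rudimentary filters, as an added example (not Sophos code and not part of the original article). The keyword list and function names are assumptions made for illustration; the sample bodies are the three quoted above.

```python
import re

# Keywords a simple content filter might look for (assumed list for this example).
KEYWORDS = ["reservation", "secretary", "calculate", "information"]

# The three message bodies quoted in the article.
SAMPLES = [
    "Please confirm your resrevation of charter flight. Your secreatry has reserved a charter flight for 55 persons. We have caluclate a price for rent this trip with a Airbus A320 aircraft. More informaiton you can get from attached booklet.",
    "Please confirm your rseervation of charter flight. Your secrteary has reserved a charter flight for 9 persons. We have claculate a price for rent this trip with a Dassault Falcon 7X CS-DSA aircraft. More infromation you can get from attached booklet.",
    "Please confirm your reseravtion of charter flight. Your secreatry has reserved a charter flight for 9 persons. We have calcluate a price for rent this trip with a Learjet 60 aircraft. More infromation you can get from attached booklet.",
]

def osa_distance(a, b):
    """Edit distance where swapping two adjacent letters counts as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[-1][-1]

def exact_hits(text):
    """What a rudimentary filter sees: keywords present with their exact spelling."""
    return set(KEYWORDS) & set(re.findall(r"[a-z]+", text.lower()))

def near_misses(text, max_dist=1):
    """Map each keyword to a word in text that is close to it but not identical."""
    words = sorted(set(re.findall(r"[a-z]+", text.lower())))
    hits = {}
    for kw in KEYWORDS:
        for w in words:
            if w != kw and abs(len(w) - len(kw)) <= max_dist and osa_distance(w, kw) <= max_dist:
                hits[kw] = w
    return hits

if __name__ == "__main__":
    for body in SAMPLES:
        print(sorted(exact_hits(body)), near_misses(body))
```

A distance of 1 also matches benign variants such as plurals, so the number of near-miss keywords in a message is better used as one scoring signal than as a verdict on its own.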

Attached to the emails is a file called Report-D9935.zip, which contains the malware.

What the cybercriminals are banking on, of course, is that some people will open the email attachment even though they haven't booked a plane. You can imagine how some folks would do that out of curiosity, or out of concern that they are mistakenly being charged for something expensive.

It only takes a small number of people to fall for a trick like this for it to be worthwhile for the malware spreaders.

Sophos detects the emails as spam, and proactively protects against the malware - intercepting it as Mal/Katusha-F.

Airplane flying around a planet image, courtesy of Shutterstock.


3 Responses to Charter flight reservation emails carry dangerous malware payload

  1. Do not open unsolicited and unknown sender emails!

  2. Mike P · 742 days ago

    There are also emails claiming to give details of seat reservations or flight bookings, often citing United or USAirways as the carrier. They always, in my experience, refer to flights in the US and as I live in the UK I know they are phishing at least or nefarious and malicious at worst. They get files in that wonderful folder called Trash/Recycle Bin or the ubiquitous 'File 13'.

  3. Nigel · 742 days ago

    I am always have my secreatry to caluclate my resrevations based on all the infromation I can get from attached booklet. But sometime secrteary has to claculate the rseervations. Other time she must calcluate the reseravtion. That how I can be sure I get the right for rent this trip.
    ________

    I have to wonder...do the morons who cook up these scams "think" (and I use that term with a great deal of poetic license) that everyone else is as stupid as they are?

    ...er, never mind. It's a rhetorical question. I suppose it's axiomatic that people who are so blatantly illiterate don't know it, and don't care. One should not expect rational behavior from such idiots in the first place.

    Ah, well...at least we can count on them for good comedy.


About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.