Booking bedding inclusions? Beware widely spammed out malware attack

Filed Under: Featured, Malware, Spam

Bare feet in bed. Image from ShutterstockA widespread spam campaign has been sent out around the world, attempting to trick internet users into infecting their computers with malware.

Emails, pretending to come from the customer service department of popular hotel booking website Booking.com, have been distributed.

Booking.com is, of course, a very popular website for people arranging accommodation - but even if you are not planning a trip, you might be vulnerable to being tricked into making bad decisions if you receive one of the emails. A bad decision which could end up with your computer being compromised, and your personal information being stolen.

At first glance you may think that the emails are blank, save for a subject line of "Booking Confirmation [random number]":

Malicious email claiming to come from Booking.com

But although there is no message body, there is a file attached called Booking_BEDDING-INCLUSIONS.zip:

Attached file, containing malware

Would you open the file?

Cybercriminals are certainly hoping that you will, as they're banking on you being curious enough to check out the contents of the ZIP file - whcih contains contains malicious code posing as a PDF document: Booking_BEDDING-INCLUSIONS.pdf.exe.

Sophos has intercepted many instances of this malicious attack, which is still in progress, proactively identifying the malware as Mal/BredoZp-B.

Always be on your guard against unsolicited emails - even if they appear to come from legitimate organisations. It could be that the link you are about to click on, or the attached file you are about to open, is really a disguise for a malware attack.

Two feet in bed image from Shutterstock.

, ,

You might like

One Response to Booking bedding inclusions? Beware widely spammed out malware attack

  1. zipper · 681 days ago

    Got one, this is the first site to cover the problem.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.