You receive the electronic reservation? Malware attack poses as hotel booking email


Bogus hotel reservation emails have been spammed out widely. They claim to come from Booking.com, but in reality carry malware designed to infect Windows computers.

Even if recipients haven't booked a hotel room, they might be tempted to open the dangerous attachments for fear that their credit card has been charged.

Here's what a typical malicious email looks like:

Malicious hotel booking email

The emails are not entirely convincing, as they use a subject line in somewhat broken English:

Subject: you receive the electronic reservation [random number]
From: "Booking.com" <Reservation@my.booking.com>
Attached file: Your electronic reservation ID[random].zip

Here's another example, which claims that you have booked a vacation at the Mandarin Oriental hotel in London's Hyde Park:

Malicious hotel booking email

As you can see, the cybercriminals behind the campaign have attempted to make their attack harder to block by varying subject lines, attached filenames and the vacation details included in the body of the email.

For instance, a wide variety of hotel names are used in the bogus reservation emails. Here are just a handful of the names used:

  • Four Seasons Hotel
  • Mandarin Oriental Hyde Park
  • Shangri-La Hotel
  • Hotel Imperial
  • Mara Safari Club
  • The Sanctuary At Kiawah Island
  • Il San Pietro di Positano
  • Four Seasons Resort Maui at Wailea
  • Grand Hotel Timeo
  • Hotel Ritz-Carlton

If you do receive one of these emails, delete it from your inbox. The one thing you shouldn't do is open the ZIP file and attempt to access the file contained within, as it is designed to infect your Windows computer.

Sophos security products detect the attack as both spam and malware (identifying the attachment proactively as Mal/DrodZp-A).
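As an added illustration (not part of the original article, and not how Sophos products detect this attack), a mail filter could score messages on the traits quoted above rather than on any single fixed string, since the subject lines and filenames vary. The regexes, the threshold and the `build_sample` helper are assumptions made for this example, and the sample messages are constructed.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Traits come from the samples quoted in the article; the regexes and the
# quarantine threshold are assumptions made for this example.
SUBJECT_RE = re.compile(r"you receive the electronic reservation\b", re.I)
ATTACH_RE = re.compile(r"electronic reservation ID.*\.zip$", re.I)
THRESHOLD = 2  # no single trait is conclusive: the From header is forgeable

def score_message(raw):
    """Return (score, reasons) for one raw message given as a string."""
    msg = message_from_string(raw, policy=policy.default)
    reasons = []
    if SUBJECT_RE.search(msg.get("Subject", "")):
        reasons.append("subject uses the lure wording")
    display_name, _addr = parseaddr(str(msg.get("From", "")))
    if "booking.com" in display_name.lower():
        reasons.append("display name claims Booking.com")
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        if ATTACH_RE.search(filename):
            reasons.append("ZIP attachment named like a reservation")
        elif filename.lower().endswith(".zip"):
            reasons.append("ZIP attachment")
    return len(reasons), reasons

def build_sample(subject, sender, attachment=None):
    """Build a constructed test message; the ZIP payload is an empty archive."""
    m = EmailMessage()
    m["Subject"], m["From"], m["To"] = subject, sender, "user@example.com"
    m.set_content("Your stay at Hotel Imperial is confirmed.")
    if attachment:
        m.add_attachment(b"PK\x05\x06" + bytes(18), maintype="application",
                         subtype="zip", filename=attachment)
    return m.as_string()

if __name__ == "__main__":
    lure = build_sample("you receive the electronic reservation 48213",
                        '"Booking.com" <Reservation@my.booking.com>',
                        "Your electronic reservation ID48213.zip")
    score, reasons = score_message(lure)
    print("QUARANTINE" if score >= THRESHOLD else "deliver", reasons)
```

Because two traits are enough to reach the threshold, a message with a reworded subject is still caught as long as the sender name and attachment pattern remain.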

Of course, this is far from the first time that malware authors have disguised their attack as a hotel booking, and it's unlikely to be the last. The reason they use disguises like this is that the social engineering works so well at tricking people into clicking on a dangerous attachment or a malicious link.

It's time to wise up, and tell your friends not to fall for such traps.

You should always be suspicious of email attachments that are sent to you out of the blue. Make sure that your anti-virus product is updated, that you have the latest security patches, and tell your friends to think twice before opening unknown attachments.

Stay safe folks.


3 Responses to You receive the electronic reservation? Malware attack poses as hotel booking email

  1. Boo · 599 days ago

    The dates give it away as spam - dumbasses.

  2. matt · 598 days ago

    The dates quoted within the sample messages really *do* seem to be from a completely different - not to mention weird and wonderful - time zone. It'd be some kind of fall to "fool for such traps"...


About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.