Malware poses as booking confirmation email from Welsh seaside hotel

Filed Under: Featured, Malware, Spam

Atlantic Hotel bedA seaside hotel in Pembrokeshire, South West Wales, has become the unwilling participant in a widespread malware attack spammed around the world.

Computer users have received emails claiming to be a booking confirmation from the Atlantic Hotel in Tenby.

But the truth of the matter is that the emails don't come from the hotel at all, but are instead designed to trick curious recipients into opening the dangerous file attached.

Here is what a typical email sent out in the malware campaign looks like:

Malicious hotel email

Subject: Fw: Atlantic Hotel

Dear,

Further to our telephone conversation, please find attached confirmation of your booking with us.

We would like to thank you for making this reservation and we look forward to greeting you at the Atlantic Hotel on the 20th March 2013.

Yours sincerely,
Duty Manager

Attached to the email is a file called "AtlanticHotel Booking Confirmation.zip", which contains a malicious Trojan horse.

Sophos products detect the attack as the Troj/Agent-AAQY Trojan horse, designed to hijack your Windows computer and give remote access to malicious hackers.

The Atlantic Hotel is clearly unimpressed with the malware campaign bringing its name into disrepute, and has put a note on the front page of its website:

Hotel website

Please Note
The Atlantic Hotel domain is currently being used to 'spoof' emails containing a 'trojan' attachment ending in the words booking confirmation.zip. We are aware of this and are trying to combat the situation, please delete any email with an attachment purporting to be from us. These emails originate somewhere other than on our server and so we have no control over them.

As always, the best defence is to keep your anti-virus defences updated and always think twice before opening unsolicited email attachments.

PS. For those thinking of nipping off to Tenby for a quick holiday here's a weather report. It's currently cloudy, with the prospect of rain showers later.

It's a bracing 4℃ (that's 39℉), so there's probably no need to pack any suntan lotion.

, , , ,

You might like

9 Responses to Malware poses as booking confirmation email from Welsh seaside hotel

  1. gmd · 567 days ago

    Lol, a Uk resident would automatically twig this as false. Who in their right mind would want to visit Wales?:-)

  2. Ben · 567 days ago

    Any more details on this virus. I have a pc infected with it. Our solution detects and removes it but the virus is continually self replicating and therefore just in a continuous detection and removal loop

  3. Kevin Dawson · 566 days ago

    I've just received this one today, not opened it, just deleted.

  4. MarkyMark · 563 days ago

    Come to Wales, home of the 6 Nations Champions 2013 ;-)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.