E-ticket to Malware

Filed Under: Malware, SophosLabs, Spam

As with the recent spate of UPS themed spammed out malware, comes the E-Ticket one.

The idea is the same - "Thanks for using our service blah blah blah ..... here is the attached receipt/invoice"

The messages so far have a subject of "E-Ticket #XXXXXXXXXX" and have the following outline

Thank you for using our new service "Buy flight ticket Online" on our website.
Your account has been created:

Your login: xxxx@yyyyy.zzz
Your password: somepassword

Your credit card has been charged for $474.46.
We would like to remind you that whenever you order tickets on our website you get a discount of 10%!
Attached to this message is the purchase Invoice and the flight ticket.
To use your ticket, simply print it on a color printed, and you are set to take off for the journey!

Kind regards,
Jane Citizen
Some Prominent Airline Company

The attachment is unsurprisingly called eTicket#XXXX.zip, which contains the malware, detected as Troj/Zbot-AE.

If you happen to launch this binary you'll turn your computer into a willing bot sending your internet bill skywards...

Seems like this flight is grounded.

You might like