Charter flight reservation emails carry dangerous malware payload

Malware attack spammed out

Once again, email users are being reminded to be wary of unsolicited email attachments – as a criminal gang spams out an attack designed to infect Windows computers.

The emails, which all have a subject line of “Charter flight reservation”, claim to be related to the reservation of a charter flight for multiple people.

However, attached to the emails is a file called Report-D9935.zip that contains malware.

Malicious email


Just as with another malware campaign seen this week, the messages can vary and spelling mistakes appear to have been deliberately and semi-randomly included in an attempt to avoid detection by rudimentary filters.

Here is a small sample of the many different message bodies that we have seen:

Please confirm your resrevation of charter flight.
Your secreatry has reserved a charter flight for 55 persons. We have caluclate a price for rent this trip with a Airbus A320 aircraft. More informaiton you can get from attached booklet.

Please confirm your rseervation of charter flight.
Your secrteary has reserved a charter flight for 9 persons. We have claculate a price for rent this trip with a Dassault Falcon 7X CS-DSA aircraft. More infromation you can get from attached booklet.

Please confirm your reseravtion of charter flight.
Your secreatry has reserved a charter flight for 9 persons. We have calcluate a price for rent this trip with a Learjet 60 aircraft. More infromation you can get from attached booklet.
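The following Python example is added here and is not from the original article or from Sophos's products. It shows why the swapped-letter misspellings above defeat exact keyword matching but not a filter that compares words by first letter, last letter and sorted interior letters; the term list, the thresholds and the benign message are assumptions made for the illustration.

```python
import re

# Lure vocabulary from the sample bodies above, correctly spelled (assumed list).
LURE_TERMS = ["reservation", "secretary", "calculate", "information",
              "charter", "flight"]

def signature(word):
    """First letter + sorted interior letters + last letter (swap-invariant)."""
    w = word.lower()
    return w if len(w) < 4 else w[0] + "".join(sorted(w[1:-1])) + w[-1]

SIGNATURES = {signature(t): t for t in LURE_TERMS}

def analyse(body, min_terms=4, min_scrambled=2):
    """Flag bodies where several lure terms appear in scrambled form."""
    terms, scrambled = set(), set()
    for token in re.findall(r"[A-Za-z]+", body):
        term = SIGNATURES.get(signature(token))
        if term:
            terms.add(term)
            if token.lower() != term:  # recognisable but misspelled
                scrambled.add(term)
    flagged = len(terms) >= min_terms and len(scrambled) >= min_scrambled
    return {"terms": terms, "scrambled": scrambled, "flagged": flagged}

# The three message bodies quoted in the article.
SAMPLES = [
    "Please confirm your resrevation of charter flight. Your secreatry has "
    "reserved a charter flight for 55 persons. We have caluclate a price "
    "for rent this trip with a Airbus A320 aircraft. More informaiton you "
    "can get from attached booklet.",
    "Please confirm your rseervation of charter flight. Your secrteary has "
    "reserved a charter flight for 9 persons. We have claculate a price "
    "for rent this trip with a Dassault Falcon 7X CS-DSA aircraft. More "
    "infromation you can get from attached booklet.",
    "Please confirm your reseravtion of charter flight. Your secreatry has "
    "reserved a charter flight for 9 persons. We have calcluate a price "
    "for rent this trip with a Learjet 60 aircraft. More infromation you "
    "can get from attached booklet.",
]
# Constructed benign message: same vocabulary, spelled correctly.
BENIGN = ("Your reservation for the charter flight is confirmed. "
          "Our secretary will send more information.")

if __name__ == "__main__":
    for body in SAMPLES + [BENIGN]:
        result = analyse(body)
        print(result["flagged"], sorted(result["scrambled"]))
```

The correctly spelled message is not flagged even though it uses the same vocabulary, because the signal is a cluster of recognisable but misspelled keywords rather than the keywords themselves.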

Attached to the emails is a file called Report-D9935.zip, which contains the malware.

What the cybercriminals are banking on, of course, is that some people will open the email attachment even though they haven’t booked a plane. You can imagine how some folks would do that out of curiosity, or out of concern that they are mistakenly being charged for something expensive.

It only takes a small number of people to fall for a trick like this for it to be worthwhile for the malware spreaders.

Sophos detects the emails as spam, and proactively protects against the malware – intercepting it as Mal/Katusha-F.

Airplane flying around a planet image, courtesy of Shutterstock.