Sophos Cloud Optix
Once again, email users are being reminded to be wary of unsolicited email attachments – as a criminal gang spams out an attack designed to infect Windows computers.
The emails, which all have a subject line of “Charter flight reservation”, claim to be related to the reservation of a charter flight for multiple people.
However, attached to the emails is a file called Report-D9935.zip that contains malware.
Just as with another malware campaign seen this week, the messages can vary and spelling mistakes appear to have been deliberately and semi-randomly included in an attempt to avoid detection by rudimentary filters.
Here is a small sample of the many different message bodies that we have seen:
Please confirm your resrevation of charter flight.
Your secreatry has reserved a charter flight for 55 persons. We have caluclate a price for rent this trip with a Airbus A320 aircraft. More informaiton you can get from attached booklet.Please confirm your rseervation of charter flight.
Your secrteary has reserved a charter flight for 9 persons. We have claculate a price for rent this trip with a Dassault Falcon 7X CS-DSA aircraft. More infromation you can get from attached booklet.Please confirm your reseravtion of charter flight.
Your secreatry has reserved a charter flight for 9 persons. We have calcluate a price for rent this trip with a Learjet 60 aircraft. More infromation you can get from attached booklet.
Attached to the emails is a file called Report-D9935.zip, which contains the malware.
What the cybercriminals are banking on, of course, is that some people will open the email attachment even though they haven’t booked a plane. You can imagine how some folks would do that out of curiousity, or concerned that they might be mistakenly being charged for something expensive.
It only takes a small number of people to fall for a trick like this for it to be worthwhile for the malware spreaders.
Sophos detects the emails as spam, and proactively protects against the malware – intercepting it as Mal/Katusha-F.
Airplane flying around a planet image, courtesy of Shutterstock.
Do not open unsolicited and unknown sender emails!
There are also emails claiming to give details of seat reservations or flight bookings, often citing United or USAirways as the carrier. Ther always, in my experience, refer to flights in the US and as I live in the UK I know they are phishing at least or nefarious and malicious at worst. They get files in that wonderful folder called Trash/Recycle Bin or the ubiquitous 'File 13'.
I am always have my secreatry to caluclate my resrevations based on all the infromation I can get from attached booklet. But sometime secrteary has to claculate the rseervations. Other time she must calcluate the reseravtion. That how I can be sure I get the right for rent this trip.
________
I have to wonder…do the morons who cook up these scams "think" (and I use that term with a great deal of poetic license) that everyone else is as stupid as they are?
…er, never mind. It's a rhetorical question. I suppose it's axiomatic that people who are so blatantly illiterate don't know it, and don't care. One should not expect rational behavior from such idiots in the first place.
Ah, well…at least we can count on them for good comedy.