Warning! British Airways e-ticket receipt malware arriving in an inbox near you

Filed Under: Featured, Malware, Spam

BA plane. Image from ShutterstockCriminals are spamming out a malware via email, posing as an e-ticket from British Airways.

If the email (shown below) looks like near-identical to a genuine email from the airline then that's because it is. The malicious gang behind the attack appear to have taken a real email from British Airways and simply attached a ZIP file containing the supposed ticket (but really harbouring a Trojan horse).

Click on the image below for a larger screenshot of the emails, that are being sent to internet users across the planet.

British Airways malicious email. Click for larger version

The emails all have the same subject line and file attachment, although - of course - the criminals behind the scheme could choose to change the disguise at any time.

Subject: BA e-ticket receipt
Attached file: BritishAirways-eticket.zip

It should go without saying that the emails don't really come from British Airways. Instead the criminals behind the campaign have forged the email headers to appear as though they originated at BA.e-ticket@email.ba.com.

Even if you weren't planning to fly with British Airways soon, you might still open the attachment and view its contents out of curiousity. And that's precisely what the cybercriminals are relying upon to infect as many PCs as possible.

Sophos anti-virus products intercept the malware as Troj/Invo-Zip.

Make sure that your anti-virus software is up-to-date and that your wits are about you. Always be suspicious of unsolicited email - if in doubt, don't click on the links or open attachments in emails you weren't expecting.

British Airways plane image from Shutterstock.

, , , ,

You might like

6 Responses to Warning! British Airways e-ticket receipt malware arriving in an inbox near you

  1. Martin Price · 1082 days ago

    A colleague of mine had recently booked some flights as part of a holiday; some directly with another airline, some as part of a package deal. It was a nagging doubt that caused her to seek assurances on the validity of the message when she received it, thankfully

  2. Barbara · 1081 days ago

    Same thing with American Airlines. I received an E-Ticket confirmation from AA and I had NOT booked one.. so suspected it was virus and did not open...

  3. Barbara · 1081 days ago

    fake etickets also being sent to look like they are from American Airlines also... I got an email about an AA Eticket and I had not booked a trip...so did not open it.. I suspected it was a virus... So they are using AA also..

  4. Nicki · 991 days ago

    Glad I came here first before opening the attachment!! I got one of these e-mails but hadn't booked anything with BA so suspected this was Malware. Why do the criminals send these malicious e-mails out. What do they get out of it?

    • Paul Ducklin · 991 days ago

      They may get any of a number of things off you after they've infected you with malware.

      Maybe they'll monitor your keystrokes in the hope of grabbing your usernames and passwords when you type them in. (Even a social networking password is worth money. A live account with real history is much more believable for fake messages than a newly-created one).

      Perhaps they'll get your computer to start sending spam - such as the next lot of fake BA emails - to 1000s of innocent users, thus using your bandwidth (and perhaps getting you kicked off the internet if someone notices and complains).

      Or they'll wait a while and then pop up one of those "Hey! We found 32 viruses!" warnings, and offer to "remove" them for a small fee.

      Since it cost them approximately $0.00 to send you the email, if they get just $2 back fraudulently, they're ahead.

      Multiply by 1,000,000s of copies of each spam and suddenly they're driving Bentleys...

  5. Woah. Making fun of someone for being more interesting, funny, and smart than you. Good one. (You do know the majority of nerdfighters are from the US

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at https://grahamcluley.com, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley