December 12th, 2008

US-CERT: Beware of airline ticket e-mail scam

Posted by Ryan Naraine @ 10:45 am

Categories: Anti Virus, Arbitrary Code Execution, Browsers, Data theft, Malware, Phishing, Spam and Phishing, Spyware and Adware, Viruses and Worms

Tags: Malware, Social Engineering, US-CERT, E-mail, Viruses And Worms, Online Communications, Security, Ryan Naraine

The United States Computer Emergency Readiness Team (US-CERT) has issued an alert for an e-mail scam targeting holiday travelers, warning that malware authors are using clever social engineering tactics to hijack Windows computers.

In the e-mail scam, users get a .zip file attached to a message about an airline ticket and an ominous mention of a credit card balance.  It appears to come from legitimate major airlines including Delta, JetBlue, Continental, American Airlines and Virgin America.

This .zip attachment appears to contain a purchase invoice and flight ticket. If a user opens this attachment, malicious code may be installed on the system.

The malware associated with this spam run is a Trojan downloader that’s typically used to drop other malicious programs on an infected machine.  It was previously used in e-mail scams related to fake UPS invoices.

The use of social engineering lures alongside news events and holidays is tried-and-true so it’s no surprise to see this type of scam circulating at holiday time.  However, the use of a fake “credit card balance” is somewhat unique, meant to scare unwary users into opening the rigged attachment.

US-CERT encourages users to do the following to help mitigate the risks:

• • • Install anti-malware software and keep the signatures up to date.
    • Use extreme caution when opening attachments, even those that arrive from trust sources (these can be spoofed).
    • Refer to the Recognizing and Avoiding Email Scams (.pdf) document for more information on avoiding email scams.
    • Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.