Email malware flying high

Graham Cluley

Cybercriminals are spamming out a new malicious email campaign, with the messages posing as airline tickets.

In an attack similar to the contract malware we saw earlier this week and last week, the dangerous messages have a ZIP file attached to them (in this case named print-ticket.zip) which, if opened, will infect Windows users with a Trojan horse.

The emails claim that the recipient has registered an account with a well-known airline and that their credit card has been debited for hundreds of dollars.

Here is a typical example of one of the emails:


Malicious email pretending to be from US Airways

As well as US Airways, malicious emails have also been seen pretending to come from the likes of Virgin America, Sun Country Airlines, Delta Airlines, JetBlue Airways, Spirit Airlines, Hawaiian Airlines, AirTran Airways, Alaska Airlines, Northwest Airlines, Frontier Airlines, USA3000 Airlines, Midwest Airlines, American Airlines and Continental Airlines.

The danger is that if you receive an email claiming that your credit card has been stung without your permission, you may rush to open the file for more information without engaging your brain first. These hackers are relying on the red mist of fury to blind you to common sense.

You should always be suspicious of unsolicited email attachments, and keep your anti-virus software up-to-date. Sophos detects the malware in this latest campaign as Troj/Invo-Zip and Mal/EncPk-GH.

This isn’t the first time that hackers have disguised their malware as airline tickets. For instance, back in the middle of 2008 there was a widespread campaign using a similar tactic. We made a movie at the time showing how the labs were able to protect against it.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and hosts the popular "Smashing Security" podcast. Follow him on LinkedIn, Bluesky and Mastodon, or drop him an email.
