The Northwest Airlines malware attack

Graham Cluley
Graham Cluley
@[email protected]

We’re seeing a Trojan horse being widely spammed out at the moment posing as an email from Northwest Airlines.

The emails have the following characteristics:

From: “Northwest Airlines” <[email protected]>
Subject line: E-ticket #<randomnumber>
Attached file: or

Message body:

Sign up to our free newsletter.
Security news, advice, and tips.


Thank you for using our new service "Buy Northwest Airlines ticket Online" on our website.
Your account has been created:

Your login: <email address>
Your password: <password>

Your credit card has been charged for $XXX.XX.
We would like to remind you that whenever you order tickets on our website you get a discount of 10%!
Attached to this message is the purchase Invoice and the Northwest Airlines ticket.
To use your ticket, simply print it on a color printed, and you are set to take off for the journey!

Kind regards,
Northwest Airlines

The amount that your credit card has allegedly been charged, the password and the name that signs-off at the end of the email appears to change each time.

Example of infected email

The file doesn’t contain a genuine electronic ticket of course, and your credit card has not been charged. The hackers are hoping that you will be so affronted at being charged for an airline flight that you haven’t booked that you will open the attachment without thinking.

Clicking on the attachment is not a good idea, however, as it contains the Troj/Agent-IPS Trojan horse.

Of course, there is nothing stopping the hackers from using other airline names also – so don’t make the mistake that emails apparently from Northwest Airlines are the only ones to be cautious about.

This technique of posing as an air ticket isn’t a new one. Cybercriminals tried a similar scam early last month, and back in the middle of 2008 there was a widespread campaign using a similar tactic. We made a movie at the time showing how the labs were able to protect against it.

As has been said many times before, you need to be extremely cautious of unsolicited email attachments. Always think before you click, or you could be putting your computer at risk of infection.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.