We’re seeing a Trojan horse being widely spammed out at the moment posing as an email from Northwest Airlines.
The emails have the following characteristics:
Subject line: E-ticket #<randomnumber>
Attached file: Your_ETicket.zip or eTicket.zip
Message body:
Hello!
Thank you for using our new service "Buy Northwest Airlines ticket Online" on our website.
Your account has been created:
Your login: <email address>
Your password: <password>
Your credit card has been charged for $XXX.XX.
We would like to remind you that whenever you order tickets on our website you get a discount of 10%!
Attached to this message is the purchase Invoice and the Northwest Airlines ticket.
To use your ticket, simply print it on a color printed, and you are set to take off for the journey!
Kind regards,
<name>
Northwest Airlines
The amount that your credit card has allegedly been charged, the password, and the name that signs off at the end of the email appear to change each time.
The file Your_ETicket.zip doesn’t contain a genuine electronic ticket of course, and your credit card has not been charged. The hackers are hoping that you will be so affronted at being charged for an airline flight that you haven’t booked that you will open the attachment without thinking.
Clicking on the attachment is not a good idea, however, as it contains the Troj/Agent-IPS Trojan horse.
Of course, there is nothing stopping the hackers from using other airline names as well, so don’t make the mistake of assuming that emails apparently from Northwest Airlines are the only ones to be cautious about.
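As an added example (not code from the original post), the following Python code checks a raw message for the two stable characteristics listed above, the subject pattern and the attachment names, and ignores the airline name and the fields that change from message to message. The function names, the assumption that the random number is made of decimal digits, the choice to quarantine on the attachment name alone, and the sample messages are all constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Stable characteristics from the post. Assumption: <randomnumber> is decimal digits.
SUBJECT_RE = re.compile(r"^\s*E-ticket\s*#\d+\s*$", re.IGNORECASE)
ATTACHMENT_NAMES = {"your_eticket.zip", "eticket.zip"}


def eticket_lure_indicators(raw_message: str) -> list:
    """Return which of the campaign's characteristics one raw message shows.

    The charged amount, password, signer and airline name are not checked:
    the first three change per message and the brand can be swapped.
    """
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    if SUBJECT_RE.match(str(msg.get("Subject", ""))):
        hits.append("subject")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        if name in ATTACHMENT_NAMES:
            hits.append("attachment:" + name)
    return hits


def should_quarantine(raw_message: str) -> bool:
    """Assumed policy: hold the message when a listed attachment name is present."""
    return any(h.startswith("attachment:") for h in eticket_lure_indicators(raw_message))


def build_sample(subject: str, filename: str) -> str:
    """Constructed test message; the attachment bytes are a harmless placeholder."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = subject
    msg.set_content("Hello!")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="zip", filename=filename)
    return msg.as_string()


if __name__ == "__main__":
    for subj, fname in [("E-ticket #0000012345", "eTicket.zip"),
                        ("Quarterly report", "report.zip")]:
        print(subj, "->", eticket_lure_indicators(build_sample(subj, fname)))
```

Because the match is on the subject shape and attachment name rather than the sender's brand, a copy of the same lure under a different airline name is still flagged.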
This technique of posing as an air ticket isn’t a new one. Cybercriminals tried a similar scam early last month, and back in the middle of 2008 there was a widespread campaign using a similar tactic. We made a movie at the time showing how the labs were able to protect against it.
As has been said many times before, you need to be extremely cautious of unsolicited email attachments. Always think before you click, or you could be putting your computer at risk of infection.