0 Replies Latest reply on Jul 29, 2008 2:16 PM by HarryWaldron

    Airline invoices and e-tickets - Fake malware versions circulating

      :eek: The recent fake UPS bills have been adapted to appear like legitimate invoices and e-tickets a customer might expect to receive by email. Folks who have recently purchased e-tickets recently, should be especially careful.

      Airline invoices and e-tickets - Fake malware versions circulating
      http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleI d=9110883
      http://www.spyware-techie.com/genericdownloaderab-trojan-found-in-fake-invoice-a nd-airline-e-ticket-emails/
      http://www.avertlabs.com/research/blog/index.php/2008/07/25/invoice-spam-takes-f light/
      http://www.avertlabs.com/research/blog/index.php/2008/07/24/fake-invoice-spam-ca rries-malware/

      QUOTE: The e-mails, which purport to be from an airline, thank the recipient for using a new "Buy flight ticket Online" service on the airline's site, provide a log-in username and password, and say the person's credit card has been charged an amount usually in the $400 range. An attachment claims to be the invoice for the ticket and credit card charge.

      However, the .zip file format attachment is a Trojan horse that steals information, including keystrokes, from the infected Windows PC and transmits that data to a server hosted in Russia, according to McAfee threat researcher Craig Schmugar.


      These messages may appear in following general format:

      From: [name] [airline_name] Airlines
      Subject: Your order from {airlines} [number]
      Online order for flight ticket [number]

      Hello, Thank you for using our new service “Buy airplane ticket Online” on our website. Your account has been created:

      Your login: [characters]
      Your password: [characters]

      Your credit card has been charged for $[number in the $400 range]
      We would like to remind you that whenever you order tickets on our website you get a discount of 10%! Attached to this message is the purchase Invoice and the flight ticket. To use your ticket, simply print it on a color printed, and you are set to take off for the journey!

      Kind regards,

      Attachment: E-ticket_[number].zip (containing an executable, which may have a Word document icon)