31 July 2008
Following the recent spate of UPS-themed, spammed-out malware comes the E-Ticket one.
The idea is the same - "Thanks for using our service blah blah blah ... here is the attached receipt/invoice"
The messages so far have a subject of "E-Ticket #XXXXXXXXXX" and have the following outline:
Thank you for using our new service "Buy flight ticket Online" on our website.
Your account has been created:
Your login: email@example.com
Your password: somepassword
Your credit card has been charged for $474.46.
We would like to remind you that whenever you order tickets on our website you get a discount of 10%!
Attached to this message is the purchase Invoice and the flight ticket.
To use your ticket, simply print it on a color printed, and you are set to take off for the journey!
Some Prominent Airline Company
The attachment is unsurprisingly called eTicket#XXXX.zip, which contains the malware, detected as Troj/Zbot-AE.
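A mail-triage check for the indicators described above, as an added example that is not code from the original post or from Sophos: it matches the subject and attachment-name patterns (with or without a space before the "#") and also looks inside the ZIP for an executable member, so a renamed lure is still flagged. The digit-only reading of the X placeholders, the extension list and the names `triage` and `build_sample` are assumptions; the sample messages are constructed and carry only inert text.

```python
import email, io, re, zipfile
from email.message import EmailMessage

# Patterns from the campaign description; X placeholders are assumed to be digits.
SUBJECT_RE = re.compile(r"^E-Ticket\s?#\d+$", re.I)
ATTACH_RE = re.compile(r"^eTicket#\d+\.zip$", re.I)
# Assumption: extensions treated as executable (the page does not name the file in the ZIP).
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

def triage(raw: bytes) -> list[str]:
    """Return the reasons a raw RFC 822 message matches the E-Ticket lure."""
    msg = email.message_from_bytes(raw)
    reasons = []
    if SUBJECT_RE.match(str(msg.get("Subject") or "").strip()):
        reasons.append("subject")
    for part in msg.walk():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        if ATTACH_RE.match(name):
            reasons.append("attachment-name")
        payload = part.get_payload(decode=True) or b""
        try:
            # Listing member names works even when the archive is password-protected.
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            reasons.append("unreadable-zip")
            continue
        if any(m.lower().endswith(EXEC_EXT) for m in members):
            reasons.append("executable-in-zip")
    return reasons

def build_sample(subject: str, attach_name: str, member: str) -> bytes:
    """Constructed test message: the ZIP holds harmless text stored under `member`."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, "inert placeholder")
    m = EmailMessage()
    m["Subject"], m["From"], m["To"] = subject, "a@example.com", "b@example.com"
    m.set_content("Attached to this message is the purchase Invoice and the flight ticket.")
    m.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename=attach_name)
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample("E-Ticket #1234567890", "eTicket#1234.zip", "eTicket#1234.exe")))
    print(triage(build_sample("Team lunch", "photos.zip", "menu.txt")))
```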
added July 31, 2008 at 09:15 am
US-CERT is aware of public reports indicating that a new email attack is circulating. This attack uses email messages that appear to be from legitimate airlines and contain information about a bogus e-ticket. These email messages instruct the user to open the attachment to obtain the e-ticket. If a user opens this attachment, a file may be executed to infect the user's system with malicious code.
Reports, including a posting by Sophos, indicate that these messages have the following characteristics. Please note that these attributes may change at any time.
The subject line "E-Ticket#XXXXXXXXXX"
An attachment named "eTicket#XXXX.zip"
US-CERT encourages users and administrators to take the following preventative measures to help mitigate the security risks: