Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

New Trojan in airline ticket email

Status
Not open for further replies.
wahnula

wahnula

Technical User
Jun 26, 2005
4,158
US
Be on the lookout for an email containing a verification of airline ticket purchase. The email looks like this:

Code: 
Subject: E-ticket #4731381568

Good morning,
Thank you for using our new service "Buy airplane ticket Online" on our website.
Your account has been created:

Your login: [email address]
Your password: passDFL6

Your credit card has been charged for $493.67.
We would like to remind you that whenever you order tickets on our website you get a discount of 10%! Attached to this message is the purchase Invoice and the flight ticket.
To use your ticket, simply print it on a color printed, and you are set to take off for the journey!

Kind regards,
Trudy Cameron
Northwest Airlines

There is a .zip attachment that contains the ZBot Trojan:


What bothers me is this made it through (3) A/V programs, our gateway McAfee on our SonicWALL, AVG on the user's PC, and Norton on mine, without being detected or any sort of warning.

The user wisely forwarded it to me before opening, but I can see lots of people falling for this one, as it states your CC has been charged. Pass the word, it's only been around for a few weeks.

Tony

Users helping Users...
 
Sort by date Sort by votes
The 'your credit card has been charged' scam has been around for several years, I havn't seen it referring to airline tickets, but basically the same thing.
I think that compressed attachments are not scanned by most email scanners.
The user has to open this and then extract it before the trojan can escape, but they should be able to manually scan it without opening the zip.


Steve: N.M.N.F.
If something is popular, it must be wrong: Mark Twain
 
Upvote 0 Downvote
most AV programs are set not to scan archives, as these can take valuable process time away or if they are freeware will not scan email attachments at all...

but still thanks for the heads up there Tony...



Ben

"If it works don't fix it! If it doesn't use a sledgehammer..."
 
Upvote 0 Downvote
They use Good Password Security LOL.. of course it's a worm/virus attempt.. have 1 with the same password but a different email address in the spam folder or work.
And of course American Airlines always sends via the Domain ssss.gouv.qc.ca... there are some that will not catch those 2 and fall for it.. ohh well..

Interested that the Credit card in this email was only supposedly charged $411.05.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Mike Lewis
  • Locked
  • Question
MsMpEng.EXE in MSE: necessary? desirable?
Replies
3
Views
245
Mike Lewis
Mike Lewis
xit
  • Locked
  • News
New beta product from Malwarebytes 1
Replies
4
Views
204
kjv1611
kjv1611
goombawaho
  • Locked
  • News
Malware Injected Into CCleaner 3
Replies
2
Views
157
goombawaho
goombawaho
riobogmedacaliaires
  • Locked
  • Question
how to exclude folders in trend officescan 11 client side
Replies
0
Views
108
riobogmedacaliaires
riobogmedacaliaires
BionicJohn
  • Locked
  • Question
URUASY.A Ransomware Trojan - Help needed with removal
Replies
6
Views
193
BionicJohn
BionicJohn

Part and Inventory Search

Sponsor

Back
Top