The Latest in IT Security

American Airlines spam / ghanarpower.net

02
Jul
2012

This fake spam leads to malware on ghanarpower.net:

Date:      Mon, 2 Jul 2012 16:54:15 +0200
From:      “Cornelius Meyers” <[email protected]>
Subject:      Online American Airlines receipt.

   
Record Locator: MWNMLP

Date of Issue: 2JULY12

Thank you for choosing American Airlines / American Eagle, a member of the oneworld� Alliance.

This receipt is for the purchase of your Preferred Seat(s) which are detailed on your itinerary and receipt confirmation.

If you have any questions regarding your reservations, please call 1-800-433-7300 or visit www.aa.com.

   

   

   
Record Locator: MWNMLP

PASSENGER
CHADBOURN HAWLEY
   
DOCUMENT NUMBER / DATE
0010634774011/2JULY12
   
DESCRIPTION
PREFERRED SEATS
   
AMOUNT
17.67 USD
   
TAX
1.33
   
TOTAL
19.00 USD

Payment Type: Visa XXXXXXXXXXXX1392     Total: $19.00

================

Date:      Mon, 2 Jul 2012 17:59:25 +0430
From:      “Spencer Hurley” <[email protected]>
Subject:      Preferred seat purchase receipt.

   
Record Locator: XTSPJI

Date of Issue: 2JULY12

Thank you for choosing American Airlines / American Eagle, a member of the oneworld� Alliance.

This receipt is for the purchase of your Preferred Seat(s) which are detailed on your itinerary and receipt confirmation.

If you have any questions regarding your reservations, please call 1-800-433-7300 or visit www.aa.com.

   

   

   
Record Locator: XTSPJI

PASSENGER
CHADBOURN HAWLEY
   
DOCUMENT NUMBER / DATE
0010634774011/2JULY12
   
DESCRIPTION
PREFERRED SEATS
   
AMOUNT
17.67 USD
   
TAX
1.33
   
TOTAL
19.00 USD

Payment Type: Visa XXXXXXXXXXXX1293     Total: $19.00

The malicious payload is the same as used in this attack – blocking it and the related IPs and domains is probably wise.

Leave a reply


Categories

THURSDAY, APRIL 26, 2018

Featured

Archives

Latest Comments

Social Networks