From: DELTA CONFIRMATION [mailto:[email protected]]
Sent: 04 March 2013 14:27
Subject: Your Receipt and Itinerary
Thank you for choosing Delta. We encourage you to review this information before your trip.
If you need to contact Delta or check on your flight information, go to delta.com/itineraries
Now, managing your travel plans just got easier. You can exchange, reissue and refund electronic tickets at delta.com/itineraries.
Take control and make changes to your itineraries at delta.com/itineraries.
Speed through the airport. Check-in online for your flight.
DELTA CONFIRMATION #: D0514B3
TICKET #: 00920195845933
                            Bkng                           Meals/ Seat/
Day Date  Flight     Status Class City              Time   Other  Cabin
--- ----- ---------- ------ ----- ----------------- ------ ------ -------
Mon 11MAR DELTA 372  OK     H     LV NYC-KENNEDY    820P   F      19C
                                  AR SAN FRANCISCO  8211P         COACH
Fri 15MAR DELTA 1721 OK     H     LV LOS ANGELES    1145P  V      29A
                                  AR NYC-KENNEDY    812A#         COACH
Check your flight information online at delta.com/itineraries
The email contains several links to different hacked sites, which then forward to [donotclick]inanimateweaknesses.net/closest/c93jfi2jf92ifj39ugh2jfo3g.php or [donotclick]complainpaywall.net/closest/c93jfi2jf92ifj39ugh2jfo3g.php, both of which are hosted on 188.8.131.52 (Logol.ru, Russia). In my opinion 184.108.40.206/23 is a bit of a sewer and should be blocked if you can, as there are probably many other malicious sites nearby.
Of note is that the links in the email only seem to work with a correct referrer and user agent. If those are not set, then you will not end up at the malware page.
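For triage on the defending side, here is an added example (not part of the original post) that scans web proxy logs for requests that reached the landing pages named above. Because the email links only forward when the referrer and user agent are set correctly, any hit means the browser passed that check, and the logged referrer names the hacked site that forwarded it. The log layout, client addresses and `.example` hosts are constructed for illustration, and matching on the path alone goes beyond the two hosts the post lists.

```python
import re
from urllib.parse import urlsplit

# Indicators from the post, with the "[donotclick]" defang marker removed.
LANDING_HOSTS = {"inanimateweaknesses.net", "complainpaywall.net"}
LANDING_PATH = "/closest/c93jfi2jf92ifj39ugh2jfo3g.php"

# Assumed layout: time client method url status "referer" "user-agent"
LINE_RE = re.compile(
    r'^(\S+) (?P<client>\S+) \S+ (?P<url>\S+) \d{3} "(?P<referer>[^"]*)" "[^"]*"$'
)

# Constructed sample log; clients, redirector hosts and times are invented.
SAMPLE_LOG = """\
2013-03-04T14:31:02Z 10.0.0.21 GET http://hacked-one.example/delta.html 302 "http://webmail.corp.example/inbox" "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Firefox/19.0"
2013-03-04T14:31:03Z 10.0.0.21 GET http://inanimateweaknesses.net/closest/c93jfi2jf92ifj39ugh2jfo3g.php 200 "http://hacked-one.example/delta.html" "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Firefox/19.0"
2013-03-04T14:40:10Z 10.0.0.34 GET http://www.delta.com/itineraries 200 "-" "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Firefox/19.0"
2013-03-04T15:02:44Z 10.0.0.47 GET http://COMPLAINPAYWALL.net/closest/c93jfi2jf92ifj39ugh2jfo3g.php 200 "http://hacked-two.example/t.html" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)"
2013-03-04T15:20:09Z 10.0.0.52 GET http://unlisted-host.example/closest/c93jfi2jf92ifj39ugh2jfo3g.php 200 "-" "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Firefox/19.0"
"""

def find_landing_hits(log_text):
    """Return one dict per request that reached a landing page from the post."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed layout
        url = urlsplit(m["url"])
        host = (url.hostname or "").lower()
        if host in LANDING_HOSTS:
            matched_on = "host"
        elif url.path == LANDING_PATH:
            matched_on = "path"  # same kit path on a host the post does not list
        else:
            continue
        referer = m["referer"]
        hits.append({
            "client": m["client"],
            "host": host,
            "matched_on": matched_on,
            # The referer names the hacked site that forwarded the browser here.
            "redirector": urlsplit(referer).hostname if referer != "-" else None,
        })
    return hits

def redirector_hosts(hits):
    """Unique forwarding sites seen in the hits, for clean-up or blocking."""
    return sorted({h["redirector"] for h in hits if h["redirector"]})

if __name__ == "__main__":
    for hit in find_landing_hits(SAMPLE_LOG):
        print(hit)
```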