Websense Security Labs™ ThreatSeeker™ Network detected a slew of fake Virgin Blue Itinerary emails. The email contains a malicious zip attachment called Virgin-Itinerary.pdf.zip, which contains the malicious binary file Virgin-Itinerary.pdf.XXXXX.exe.
When run, the binary copies itself as svchost.exe into the c:\Documents and Settings\All Users directory and then adds a Run registry key so that the sample starts at boot time. More information on the behavior and activities of the malicious binary file Virgin-Itinerary.pdf.XXXXX.exe can be found in our ThreatScope report here.
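A gateway-style check for the attachment pattern described above (a zip named like a document that holds an executable with a document extension buried in its name), as an added example that is not Websense code. The extension lists, function names and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed lists for illustration; tune to local mail policy.
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}
EXE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}

def _suffixes(name):
    # Normalise Windows separators, keep the base name only, and strip
    # padding spaces that are sometimes used to push ".exe" out of view.
    base = PurePosixPath(name.replace("\\", "/")).name
    return [s.strip().lower() for s in PurePosixPath(base).suffixes]

def masquerading_members(zip_bytes):
    """Names of members ending in an executable extension that also carry
    a document extension earlier in the file name."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            sfx = _suffixes(info.filename)
            if len(sfx) >= 2 and sfx[-1] in EXE_EXTS and any(
                    s in DOC_EXTS for s in sfx[:-1]):
                hits.append(info.filename)
    return hits

def inspect_attachment(filename, data):
    """Verdict for one attachment: does the archive name itself imitate a
    document, and which members inside it masquerade as documents?"""
    sfx = _suffixes(filename)
    mimics = len(sfx) >= 2 and sfx[-1] == ".zip" and sfx[-2] in DOC_EXTS
    return {"archive_mimics_document": mimics,
            "masquerading_members": masquerading_members(data)}

def build_sample(names):
    # Constructed archive with harmless placeholder content for each name.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"constructed placeholder content")
    return buf.getvalue()

if __name__ == "__main__":
    sample = build_sample(["Virgin-Itinerary.pdf.XXXXX.exe", "readme.txt"])
    print(inspect_attachment("Virgin-Itinerary.pdf.zip", sample))
```
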
Virgin Australia issued an advisory on this incident earlier today via their Twitter page: https://twitter.com/VirginAustralia
Websense customers are protected from these and other threats by ACE, our Advanced Classification Engine.
Special thanks to: Tamas Rudnai