Sophos – Once again, email users are being reminded to be wary of unsolicited email attachments – as a criminal gang spams out an attack designed to infect Windows computers.
The emails, which all have a subject line of “Charter flight reservation”, claim to be related to the reservation of a charter flight for multiple people.
However, attached to the emails is a file called Report-D9935.zip that contains malware.
Just as with another malware campaign seen this week, the messages can vary and spelling mistakes appear to have been deliberately and semi-randomly included in an attempt to avoid detection by rudimentary filters.
Here is a small sample of the many different message bodies that we have seen:
Please confirm your resrevation of charter flight.
Your secreatry has reserved a charter flight for 55 persons. We have caluclate a price for rent this trip with a Airbus A320 aircraft. More informaiton you can get from attached booklet.

Please confirm your rseervation of charter flight.
Your secrteary has reserved a charter flight for 9 persons. We have claculate a price for rent this trip with a Dassault Falcon 7X CS-DSA aircraft. More infromation you can get from attached booklet.

Please confirm your reseravtion of charter flight.
Your secreatry has reserved a charter flight for 9 persons. We have calcluate a price for rent this trip with a Learjet 60 aircraft. More infromation you can get from attached booklet.
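Every misspelling in the sample bodies above is a swap of two adjacent letters, which is enough to slip past an exact-match keyword filter. The following sketch is an added example, not Sophos code: it recovers the intended keywords and treats several swapped keywords in one body as a signal. The keyword list, function names, threshold and control message are assumptions made for illustration.

```python
import re

# Correctly spelled keywords behind the misspellings in the quoted samples (chosen for this example).
KEYWORDS = ("reservation", "secretary", "calculate", "information")

def is_adjacent_swap(word, target):
    """True if word is target with exactly one pair of adjacent letters swapped."""
    if len(word) != len(target) or word == target:
        return False
    diff = [i for i, (a, b) in enumerate(zip(word, target)) if a != b]
    return (len(diff) == 2 and diff[1] == diff[0] + 1
            and word[diff[0]] == target[diff[1]]
            and word[diff[1]] == target[diff[0]])

def tokens(body):
    return re.findall(r"[a-z]+", body.lower())

def exact_hits(body):
    """What a rudimentary exact-match keyword filter sees."""
    return set(tokens(body)) & set(KEYWORDS)

def swapped_hits(body):
    """Map each misspelled token to the keyword it is a one-swap variant of."""
    return {t: kw for t in tokens(body) for kw in KEYWORDS if is_adjacent_swap(t, kw)}

def looks_obfuscated(body, threshold=2):
    """Flag bodies where several keywords appear only as swapped variants (threshold is an assumption)."""
    return len(set(swapped_hits(body).values())) >= threshold

# Message bodies copied from the samples quoted in the article.
SAMPLES = [
    "Please confirm your resrevation of charter flight. Your secreatry has reserved "
    "a charter flight for 55 persons. We have caluclate a price for rent this trip "
    "with a Airbus A320 aircraft. More informaiton you can get from attached booklet.",
    "Please confirm your rseervation of charter flight. Your secrteary has reserved "
    "a charter flight for 9 persons. We have claculate a price for rent this trip with "
    "a Dassault Falcon 7X CS-DSA aircraft. More infromation you can get from attached booklet.",
    "Please confirm your reseravtion of charter flight. Your secreatry has reserved "
    "a charter flight for 9 persons. We have calcluate a price for rent this trip "
    "with a Learjet 60 aircraft. More infromation you can get from attached booklet.",
]
# Constructed control message with correct spelling.
CONTROL = "Your secretary asked for more information about the reservation."

if __name__ == "__main__":
    for body in SAMPLES + [CONTROL]:
        print(looks_obfuscated(body), sorted(exact_hits(body)), swapped_hits(body))
```

The exact-match filter finds none of the keywords in the three samples, while the swap-tolerant pass recovers four in each and leaves the correctly spelled control unflagged.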
Attached to the emails is a file called Report-D9935.zip, which contains the malware.
What the cybercriminals are banking on, of course, is that some people will open the email attachment even though they haven’t booked a plane. You can imagine how some folks would do that out of curiosity, or out of concern that they might mistakenly be charged for something expensive.
It only takes a small number of people to fall for a trick like this for it to be worthwhile for the malware spreaders.
Sophos detects the emails as spam, and proactively protects against the malware – intercepting it as Mal/Katusha-F.