The Latest in IT Security

Fake Delta Email Leads to Sirefef, Fake AV

27
Jun
2012

There’s a fake Delta airlines email in circulation at the moment which comes with a zip attached, named “Ticket_Delta_Airlines_IN2139.zip”

Click to Enlarge

The text reads:

Hello, E-TICKET / EH065894335
SEAT / 77E/ZONE 2
DATE / TIME 20 JUNE, 2012, 09:55 AM
ARRIVING / Virginia Beach
FORM OF PAYMENT / CC
TOTAL PRICE / 276.42 USD
REF / EF.5709 ST / OK
BAG / 4PC

Your bought ticket is attached to the letter as a scan document. You can print your ticket. Thank you for using our airline company services. Delta Air Lines.

The zip contains an assortment of nasties – running the executable inside would infect it with Sirefef and (after 15 to 30 minutes or a reboot) the WinWebSecurity: Live Security Rogue, which is – as you can see below – a piece of Fake AV.

Click to Enlarge

VIPRE detects this as Dropper.Win32.Dapato.pj!1a.

Christopher Boyd (Thanks to Patrick for finding this).

Related posts:
  1. Phony Delta, American Airlines itineraries lead to malware
  2. Fake Antivirus Renewal Email Rises from the Dead
  3. The Wonder of Sirefef Plunder
  4. Fake “Beyonce Nude” Flickr Fakeout leads to Shenanigans
  5. Delta Airlines spam / inanimateweaknesses.net and complainpaywall.net

Tags:  
Written by GFI Labs blog
0 Comments

Leave a reply


Categories

SUNDAY, FEBRUARY 23, 2025
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments