The Latest in IT Security

Fake Delta Email Leads to Sirefef, Fake AV

27 Jun 2012

There’s a fake Delta Airlines email in circulation at the moment which comes with a zip attached, named “Ticket_Delta_Airlines_IN2139.zip”.


The text reads:

Hello, E-TICKET / EH065894335
SEAT / 77E/ZONE 2
DATE / TIME 20 JUNE, 2012, 09:55 AM
ARRIVING / Virginia Beach
FORM OF PAYMENT / CC
TOTAL PRICE / 276.42 USD
REF / EF.5709 ST / OK
BAG / 4PC

Your bought ticket is attached to the letter as a scan document. You can print your ticket. Thank you for using our airline company services. Delta Air Lines.

The zip contains an assortment of nasties – running the executable inside would infect the machine with Sirefef and (after 15 to 30 minutes or a reboot) the WinWebSecurity: Live Security Rogue, which is – as you can see below – a piece of Fake AV.


VIPRE detects this as Dropper.Win32.Dapato.pj!1a.
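The delivery pattern described above (a zip attachment carrying an executable) can be checked at the mail gateway. This is an added example, not code from the original post or from VIPRE; the function names, the extension list and the member name `Ticket.pdf.exe` are assumptions, and the sample message is constructed in memory.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs on double-click (illustrative, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs"}

def risky_zip_members(raw_email: bytes):
    """Return (attachment, member, reason) for each suspicious zip entry."""
    findings = []
    msg = message_from_bytes(raw_email, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        # Trust the content, not the file name: zip data starts with PK\x03\x04.
        if not payload.startswith(b"PK\x03\x04"):
            continue
        try:
            archive = zipfile.ZipFile(io.BytesIO(payload))
        except zipfile.BadZipFile:
            findings.append((name, "", "unreadable zip"))
            continue
        for info in archive.infolist():
            lower = info.filename.lower().rstrip(". ")
            ext = lower[lower.rfind("."):] if "." in lower else ""
            if ext in EXECUTABLE_EXTS:
                findings.append((name, info.filename, "executable in zip"))
            elif info.flag_bits & 0x1:  # bit 0 = encrypted entry
                findings.append((name, info.filename, "encrypted, cannot inspect"))
    return findings

def make_zip(member_name: str, data: bytes) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(member_name, data)
    return buf.getvalue()

def build_sample(attachment: bytes) -> bytes:
    """Constructed message using the attachment name quoted in the post."""
    msg = EmailMessage()
    msg.set_content("Your bought ticket is attached to the letter.")
    msg.add_attachment(attachment, maintype="application", subtype="zip",
                       filename="Ticket_Delta_Airlines_IN2139.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    # Member name and bytes are constructed; the post does not give the real ones.
    print(risky_zip_members(build_sample(make_zip("Ticket.pdf.exe", b"MZ"))))
```

Encrypted and unreadable archives are reported rather than skipped, because a gateway that cannot look inside an attachment has not cleared it.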

Christopher Boyd (Thanks to Patrick for finding this).
