The Latest in IT Security

Phony Delta, American Airlines itineraries lead to malware

17 Nov 2011

A malware-email outbreak in the past 24 hours uses phony Delta Air Lines itineraries to entice recipients into clicking the embedded links.

The social engineering in an attack like this is very effective, particularly because the email looks authentic:

  • If you are planning a trip, the itinerary will look all wrong and you might click to correct the errors
  • If you hadn’t ordered any tickets, you might click to sort out the misunderstanding and prevent incorrect charges

The email uses a URL redirect to a malicious site that exploits the Adobe Flash Player vulnerability CVE-2011-0611 and the Java plug-in LaunchJNLP/docbase vulnerability CVE-2010-3552 in order to download and execute a binary from the URL “hxxp://uk—.com/w.php?f=21&e=8”. The exploit chain used in this campaign is similar to the one used in the NACHA payment scam. The JavaScript on the destination page is assembled at run time from data embedded in the same page, a common way of keeping the exploit code out of sight of scanners that only inspect the static page source.

Command Antivirus detects this malware as W32/Cridex.A. This malware focuses on stealing sensitive financial data (email and online banking credentials, etc.).

Earlier in the month we received another spoofed airline ticket email, this one “from” American Airlines:

The second example includes an attached zip file “AA_Ticket_#5013.zip” containing an executable “AA_Ticket.exe”. The extracted file displays an MS Word document icon so that it passes for a document. Command Antivirus detects this as W32/Trojan3.DAB. This malware downloads additional malware onto the compromised system and is similar to the Bredolab Trojan.
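The two lures above carry two indicators that can be checked mechanically: in the Delta email, links whose visible text names delta.com while the href points at a redirector; in the American Airlines email, a zip attachment whose member is a Windows executable regardless of the icon it shows. The following Python is an added example written for this page, not code from the original post or from Command Antivirus. The message it scans is constructed inline; the hosts, addresses and the “MZ” filler standing in for AA_Ticket.exe are placeholders, not samples from the campaign.

```python
"""Triage checks for itinerary-themed lure emails (constructed example).

1. HTML links whose visible text names a host other than the href's host.
2. Zip attachments containing a member with an executable extension or a PE
   'MZ' header; the icon a file displays is a resource inside the PE and
   says nothing about what the file is.
"""
import email
import email.policy
import io
import re
import zipfile
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

# Visible link text that looks like a domain or URL, e.g. "delta.com/itineraries".
_DOMAIN_RE = re.compile(
    r"(?:https?://)?(?:www\.)?[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}(?:/\S*)?", re.I)
# Extensions Windows runs on double-click.
_EXEC_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs"}


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = (dict(attrs).get("href") or ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url_or_domain):
    """Lower-cased host of a URL or bare domain, without a leading 'www.'."""
    if "://" not in url_or_domain:
        url_or_domain = "http://" + url_or_domain
    host = (urlparse(url_or_domain).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def mismatched_links(html):
    """Return (href, text) pairs where the text names a host other than the href's."""
    collector = _LinkCollector()
    collector.feed(html)
    flagged = []
    for href, text in collector.links:
        if not href.lower().startswith(("http://", "https://")):
            continue  # mailto:, javascript: etc. are out of scope here
        shown = _DOMAIN_RE.search(text)
        if shown and _host(shown.group(0)) != _host(href):
            flagged.append((href, text))
    return flagged


def suspicious_zip_members(zip_bytes):
    """Return zip members with an executable extension or a PE 'MZ' signature."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            ext = ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""
            with zf.open(info) as fh:
                magic = fh.read(2)
            if ext in _EXEC_EXT or magic == b"MZ":
                flagged.append(name)
    return flagged


def triage(raw_eml):
    """Run both checks over a raw RFC 5322 message and return the findings."""
    msg = email.message_from_bytes(raw_eml, policy=email.policy.default)
    findings = {"mismatched_links": [], "executable_attachments": []}
    for part in msg.walk():
        filename = part.get_filename() or ""
        if part.get_content_type() == "text/html":
            findings["mismatched_links"] += mismatched_links(part.get_content())
        elif filename.lower().endswith(".zip"):
            for member in suspicious_zip_members(part.get_payload(decode=True)):
                findings["executable_attachments"].append(f"{filename}:{member}")
    return findings


def make_zip(members):
    """Build an in-memory zip from {name: bytes} (used to construct the sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def build_sample():
    """Constructed lure combining both campaigns' features; hosts are placeholders."""
    msg = EmailMessage()
    msg["Subject"] = "Your Delta itinerary"
    msg["From"] = "itinerary@sender.invalid"
    msg["To"] = "recipient@recipient.invalid"
    msg.set_content("Plain-text fallback.")
    msg.add_alternative(
        '<p>Make changes to your itineraries at '
        '<a href="http://redirect.invalid/go?id=1">delta.com/itineraries</a>.</p>'
        '<p>Questions? Visit <a href="http://www.delta.com">www.delta.com</a>.</p>',
        subtype="html")
    # A PE file starts with "MZ"; the rest is filler, not a real executable.
    msg.add_attachment(make_zip({"AA_Ticket.exe": b"MZ" + b"\x00" * 62}),
                       maintype="application", subtype="zip",
                       filename="AA_Ticket_#5013.zip")
    return msg.as_bytes()
```

Running `triage(build_sample())` flags the redirector link (the second link, whose text and href both resolve to delta.com, is left alone) and the executable inside the zip. The “MZ” check matters more than the extension list: renaming the file or swapping its icon changes neither the header nor what Windows does when it is opened.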

Keeping your antivirus definitions up to date and updating Adobe Flash Player and the Java plug-in to their latest versions will protect you against this threat. Vendor patches for both CVE-2011-0611 and CVE-2010-3552 were available well before this campaign, so the drive-by component only works against systems that are behind on updates; the American Airlines variant, however, relies on the recipient running the attached executable, so attachment filtering and user awareness matter as well.

Email text of the Delta email:

Thank you for choosing Delta. We encourage you to review this information before your trip. If you need to contact Delta or check on your flight information, go to delta.com, call 800-221-1212 or call the number on the back of your SkyMiles card.

Now, managing your travel plans just got easier. You can exchange, reissue and refund electronic tickets at delta.com. Take control and make changes to your itineraries at delta.com/itineraries.

Speed through the airport. Check-in online for your flight.

Flight Information

DELTA CONFIRMATION #: F2W579
TICKET #: 53246012375325

Day  Date   Flight      Status  Bkng   City               Time   Meals/  Seat/
                                Class                            Other   Cabin
---  -----  ----------  ------  -----  -----------------  -----  ------  -----
Sun  26NOV  DELTA 116   OK      U      LV NYC-KENNEDY     515P   F       45A
                                       AR SAN FRANCISCO   916P           COACH
Thu  1DEC   DELTA 1837  OK      K      LV SAN FRANCISCO   1230P  V       32A
                                       AR NYC-KENNEDY     702A#          COACH

Baggage and check-in requirements vary by airport and airline, so please check with the operating carrier on your ticket.

Please review Delta’s check-in Requirements and baggage guidelines for details.

You must be checked in and at the gate at least 15 minutes before your scheduled departure time for travel inside the United States.

You must be checked in and at the gate at least 45 minutes before your scheduled departure time for international travel.

For tips on flying safely with laptops, cell phones, and other battery-powered devices, please visit http://SafeTravel.dot.gov.

Do you have comments about our service? Please email us to share them with us.


Robert, February 6, 2012:

    I did receive this email this morning. Thinking that it might be a credit card fraud, having flown AA recently, I did try to open it on my Pro Mac. Nothing so far. How do I know if I am infected and what can I do to remove it?
