A malware-email outbreak in the past 24 hours uses phony Delta airline itineraries to entice users to click on the embedded links.
The social engineering of an attack such as this is very effective – particularly since the email looks very authentic:
- If you are planning a trip then you this will look all wrong and you might click so that you can correct the errors
- I you hadn’t ordered any tickets you might click so that you could sort out the misunderstanding and prevent any incorrect charges
The email uses a URL redirection to a malicious site that takes advantage of the Adobe Flash Exploit – CVE-2011-0611 and Java Plugin LaunchJNLP DocBase Exploit – CVE-2010-3552 to be able to download and execute a binary file from the URL “hxxp://uk—.com/w.php?f=21&e=8”. The algorithm of the exploit is used in this campaign is similar to the exploit used in NACHA payment scam. The java script on the destination page is built on the fly from the data included on the same page.
Command Antivirus detects this malware as W32/Cridex.A. This malware focuses on stealing sensitive financial data (email and online banking credentials, etc.).
Earlier in the month we received another spoofed Airline ticket email – this one “from” American Airlines:
The 2nd example includes an attached zip file “AA_Ticket_#5013.zip” which contains an application file “AA_Ticket.exe”. The extracted file displays an MS-Word document icon. Command antivirus detects this as W32/Trojan3.DAB. This malware focuses on downloading additional malware to a compromised system and is similar to the Bredolab Trojan.
Keeping your antivirus definitions up to date and updating Adobe Flash Player and JAVA Plugin to their latest versions will protect you against this threat.\
Email text of the Delta email:
Thank you for choosing Delta. We encourage you to review this information before your trip. If you need to contact Delta or check on your flight information, go to delta.com, call 800-221-1212 or call the number on the back of your SkyMilesC card.
Now, managing your travel plans just got easier. You can exchange, reissue and refund electronic tickets at delta.com. Take control and make changes to your itineraries at delta.com/itineraries.
Speed through the airport. Check-in online for your flight.
Flight Information
DELTA CONFIRMATION #: F2W579
TICKET #: 53246012375325
| Day | Date | Flight | Status | Bkng
Class |
City | Time | Meals/
Other |
Seat/
Cabin |
| — | —– | ————— | —— | —– | —————- | —— | —— | ——- |
| Sun | 26NOV | DELTA 116 | OK | U | LV NYC-KENNEDY
AR SAN FRANCISCO |
515P
916P |
F | 45A
COACH |
| Thu | 1DEC | DELTA 1837 | OK | K | LV SAN FRANCISCO
AR NYC-KENNEDY |
1230P
702A# |
V | 32A
COACH |
Baggage and check-in requirements vary by airport and airline, so please check with the operating carrier on your ticket.
Please review Delta’s check-in Requirements and baggage guidelines for details.
You must be checked in and at the gate at least 15 minutes before your scheduled departure time for travel inside the United States.
You must be checked in and at the gate at least 45 minutes before your scheduled departure time for international travel.
For tips on flying safely with laptops, cell phones, and other battery-powered devices, please visit http://SafeTravel.dot.gov.
Do you have comments about our service? Please email us to share them with us.
“““““““““““““““““““““““““““
Leave a reply
I did receive this email this morning. Thinking that it might be a credit card fraud, having flown AA recently I did try to open it on my Pro Mac. Nothing so far. How do I know if I am infected and what can I do to remove///