Spammers Revive Old Airline-Ticket Trick
As reported by COMPUTERWORLD on October 20, 2008, security firm Trend Micro Inc. stated that hackers are repeating an old summer trick to infect users' computers with malware. They are spamming messages that pose as airline boarding passes and ticket invoices from Continental Airlines Inc.
According to Trend Micro, the spam mail thanks the recipient for using the airline's new "Buy fly ticket Online" facility. It also offers a login user ID and password and tells the recipient that over $900 has been charged to his/her credit card. In fact, Trend Micro noted, the compressed file attachment that claims to hold the boarding pass and ticket invoice carries an executable file named "e-ticket.doc.exe", which in reality is a Windows worm that downloads other exploit code onto the users' computers.
Security investigators and analysts at TrendLabs said that the trick is the same double-extension tactic used earlier to dupe users into clicking the attachment, as reported by CASTLECOPS on October 20, 2008.
Meanwhile, in their assessment of the latest spamming tactic, security analysts at TrendLabs said that the zip file contains the worm called WORM_AUTORUN.CTO. This worm spreads through removable drives and accesses websites to download other malicious files. It also displays the icon of Microsoft Word files to escape detection and removal.
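A mail-gateway check for the double-extension attachment described above, as an added example that is not from Trend Micro or the original article: it reads only the member names of a zip attachment and flags any whose executable extension follows a document-style one. The extension lists, function names and sample archive are assumptions constructed for illustration, and the check also covers names padded with spaces or trailing dots, which the article does not mention.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed lists for illustration; tune them to your own attachment policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".doc", ".docx", ".pdf", ".xls", ".txt", ".jpg"}


def is_double_extension(name: str) -> bool:
    """True when a decoy document extension precedes an executable one."""
    # Windows ignores trailing dots and spaces, so normalise them away first.
    base = PurePosixPath(name.replace("\\", "/")).name.rstrip(". ").lower()
    suffixes = PurePosixPath(base).suffixes
    if len(suffixes) < 2:
        return False
    # strip() catches padding such as "pass.pdf      .scr" that hides the real type.
    return suffixes[-1] in EXECUTABLE_EXTS and suffixes[-2].strip() in DECOY_EXTS


def flag_zip_attachment(zip_bytes: bytes) -> list[str]:
    """Return member names in a zip attachment that use the double-extension trick."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        # Only the directory listing is read; nothing is extracted or executed.
        return [info.filename for info in archive.infolist()
                if not info.is_dir() and is_double_extension(info.filename)]


def build_sample_zip() -> bytes:
    """Constructed sample: harmless placeholder bytes stored under test names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in ("e-ticket.doc.exe", "invoice.pdf", "setup.exe",
                     "notes.v2.txt", "docs/boarding-pass.pdf   .scr"):
            archive.writestr(name, b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    print(flag_zip_attachment(build_sample_zip()))
```

A plain `setup.exe` is deliberately not flagged here, because this check targets the disguise rather than executables in general; a gateway that blocks all executables in archives would handle that case separately.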
Security experts at Trend Micro said that the words "Your credit card has been charged" inside the message text simply add to the concern of the Continental ticket user. As a result, the user becomes convinced to examine the 'flight information' by double-clicking on the attachment.
Security analysts also stated that this is yet another incident of 'spamming with e-tickets'. According to Trend Micro, the campaign is a revival of one first observed in late August 2007. The airline name used at that time was Northwest Airlines, and the file attachment pointed to a fake anti-virus installation in place of a computer worm.
According to security researchers, another airline that was similarly hit in late July 2007 was Delta Airlines Inc.
» SPAMfighter News - 27-10-2008