E-mail about Incorrect Transaction on Credit Card by Hotel Delivers Malware
A spam mail that a hotel supposedly sent mentioning of an incorrect credit card transaction is getting dispatched globally, while aiming to contaminate end-users' PCs with malicious software, reported Naked Security on September 8, 2011.
The malevolent electronic mail poses as being sent from Chicago-based Hotel Swissotel's booking department having the caption, "Hotel Swissotel Chicago made wrong transaction."
The text of the e-mail, expressing regrets, notifies the recipient that Hotel transaction, on July 26, 2011, was charged on his credit card for a general sum of $1,857. The particular affiliate hotel was dissociated from official recognition within Booking Company because of not complying with the service agreement. Thus, the recipient requires completing an attached form and seeking funds repayment from his bank. The attachment contains an expenditure page that shows the incorrect transaction amount. The firm only intervenes to give information and doesn't hold responsibility for the Hotel making any funds deal. Expressing regrets for the trouble caused, the e-mail indicates belief that the user will be able to solve the problem.
Thereafter, it urges the recipient for taking down the online form from the attachment, completing it, followed with asking his bank for returning the sum. But understandably, there's malware in the attachment, which infects the user's computer.
Security researchers say that it's currently common to find e-mail scams of incorrect hotel transaction. Similar instances have been witnessed during 2011 and they all have one thing same i.e. a .zip file attachment with a Trojan malware.
Within the new instance, Sophos has identified that the zipped archive is Troj/Invo-Zip, while the malicious program is Troj/Zbot-AXZ.
Dissimilar from other bulk e-mail campaigns, the current one doesn't seek victim's bank account info to steal money; rather it plants one PC-virus on his system that gives the hacker access to its entire database.
Specialists state that hackers try different techniques for gaining Internet-users' trust and in spite of it appearing like they won't succeed in causing damage, users may eventually have their bank accounts raided. Hence, they're advised to treat unsolicited e-mails with suspicion, especially if the messages try to get them to view attachments.
Related article: E-Crime Reporting Format To Be Launched in July
» SPAMfighter News - 19-09-2011