With so many people cutting back on travel because of the high fuel
prices, the chance of getting a 'free' airline ticket anywhere will
surely entice some percentage of people to open this attachment and get
infected. If it sounds too good to be true... you know the saying.
CudaMail is currently blocking these as a Trojan.Zbot variation.
- Shaun
US-CERT Current Activity
Airline E-ticket Email Attack
Original release date: July 31, 2008 at 9:15 am
Last revised: July 31, 2008 at 9:15 am
US-CERT is aware of public reports indicating that a new email attack
is circulating. This attack uses email messages that appear to be from
legitimate airlines and contain information about a bogus e-ticket.
These email messages instruct the user to open the attachment to obtain
the e-ticket. If a user opens this attachment, a file may be executed
to infect the user's system with malicious code.
Reports, including a posting by Sophos, indicate that these messages
have the following characteristics. Please note that these attributes
may change at any time.
- The subject line "E-Ticket#XXXXXXXXXX"
- An attachment named "eTicket#XXXX.zip"
US-CERT encourages users and administrators to take the following preventative measures to help mitigate the security risks:
- Install anti-virus software, and keep its virus signature file up to date.
- Do not open attachments in unsolicited email messages.
- Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
- Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.
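The two message attributes listed in the advisory can be turned into a mail-filter check; the following Python sketch is an added example, not part of the US-CERT advisory or the original post. Treating each "X" as a digit, the extension list, and the extra check of the zip's contents are assumptions, and the sample message is constructed.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Patterns from the advisory; treating each "X" as a digit is an assumption.
SUBJECT_RE = re.compile(r"^\s*E-Ticket#\d+\s*$", re.IGNORECASE)
ATTACH_RE = re.compile(r"^eTicket#\d+\.zip$", re.IGNORECASE)
# Extensions that run when opened on Windows (illustrative, not exhaustive).
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs", ".lnk")


def executable_members(data: bytes) -> list[str]:
    """Names inside a zip that end in an executable extension."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(EXEC_EXT)]
    except zipfile.BadZipFile:
        return []


def score_message(raw: bytes) -> list[str]:
    """Return the reasons a raw RFC 5322 message matches the advisory."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    if SUBJECT_RE.match(str(msg["Subject"] or "")):
        reasons.append("subject")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if ATTACH_RE.match(name):
            reasons.append("attachment-name")
        if name.lower().endswith(".zip"):
            payload = part.get_payload(decode=True) or b""
            if executable_members(payload):
                reasons.append("zip-contains-executable")
    return reasons


def build_sample(subject: str, zip_name: str, member: str) -> bytes:
    """Constructed test message: a zip holding one harmless text-only member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, "constructed placeholder, not a real binary")
    msg = EmailMessage()
    msg["Subject"], msg["From"], msg["To"] = subject, "a@example.com", "b@example.com"
    msg.set_content("Please find your e-ticket attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename=zip_name)
    return msg.as_bytes()
```

Because the advisory notes that the subject and attachment name may change at any time, the zip-contents check is the one that still fires when both have been altered.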