With so many people cutting back on travel because of the high fuel prices the chance of getting a 'free' airline ticket anywhere will surely entice some percentage of people to open this attachment and get infected. If it sounds too good to be true... you know the saying.

CudaMail is currently blocking these as Trojan.Zbot variation.

- Shaun

US-CERT Current Activity

Airline E-ticket Email Attack

Original release date: July 31, 2008 at 9:15 am Last revised: July 31, 2008 at 9:15 am

US-CERT is aware of public reports indicating that a new email attack is circulating. This attack uses email messages that appear to be from legitimate airlines and contain information about a bogus e-ticket.
These email messages instruct the user to open the attachment to obtain the e-ticket. If a user opens this attachment, a file may be executed to infect the user's system with malicious code.

Reports, including a posting by Sophos, indicate that these messages have the following characteristics. Please note that these attributes may change at any time.

• The subject line "E-Ticket#XXXXXXXXXX"
• An attachment named "eTicket#XXXX.zip"

US-CERT encourages users and administrators to take the following preventative measures to help mitigate the security risks:

• Install anti-virus software, and keep its virus signature file up to date.
• Do not open attachments in unsolicited email messages.
•  Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

Relevant Url(s):

• www.us-cert.gov/cas/tips/ST04-014.html
• www.sophos.com/security/blog/2008/07/1604.html
• www.us-cert.gov/reading_room/emailscams_0905.pdf

====
This entry is available at

• www.us-cert.gov/current/index.html#airline_e_ticket_email_attack