
Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev

US-CERT: Beware of airline ticket e-mail scam

By | December 12, 2008, 10:45am PST


The United States Computer Emergency Readiness Team (US-CERT) has issued an alert for an e-mail scam targeting holiday travelers, warning that malware authors are using clever social engineering tactics to hijack Windows computers.

In the e-mail scam, users get a .zip file attached to a message about an airline ticket and an ominous mention of a credit card balance.  It appears to come from legitimate major airlines including Delta, JetBlue, Continental, American Airlines and Virgin America.

This .zip attachment appears to contain a purchase invoice and flight ticket. If a user opens this attachment, malicious code may be installed on the system.

The malware associated with this spam run is a Trojan downloader that’s typically used to drop other malicious programs on an infected machine.  It was previously used in e-mail scams related to fake UPS invoices.

The use of social engineering lures alongside news events and holidays is tried-and-true so it’s no surprise to see this type of scam circulating at holiday time.  However, the use of a fake “credit card balance” is somewhat unique, meant to scare unwary users into opening the rigged attachment.

US-CERT encourages users to do the following to help mitigate the risks:


Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a member of the global research and analysis team. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

21
Comments

Oh that's right..WINDOWS.

Next story.
0 Votes
+ -
Ditto
ColdFusion_z 15th Dec 2008
Nice and safe in Linux land wink
0 Votes
+ -
One day...
jetkins 15th Dec 2008
... someone's going to come up with an exploit that'll wipe that smug grin off your faces, and you won't be able to hear yourselves cry for the roar of all the laughing from the Windows crowd.

We all know that Linux is a more secure platform; there's no need to keep on crowing about it just so you can see your names "in print". Karma is a *****.
0 Votes
+ -
The Megacorp you support are corrupt bullies that make ass OSes, and toss chairs at anybody who dares tell the truth about Micro$haft's inherently anticompetitive, corrupt practices and crappy bloatware.

Use Linux - if you MUST stay on Darth Ballmer's good side for some insane reason, get a Linux Netbook. All you need it for is e-mail and Web surfing access, anyway....
0 Votes
+ -
Wrong ASSumption
jetkins 16th Dec 2008
You assume that because I take issue with the self-righteous smugness of *some* Linux users that I must be a Wintendo fanboi, but what you fail to recognize is that the folks who are constantly crowing about the superiority of Linux are no less rabid bigots than their Windoze counterparts.

Seriously, what do you think the OP hoped to achieve by chiming in with a petty display of his superiority complex, other than - as I originally said - the self-gratification of seeing his name "in print"?

That sort of petty "neener-neener" is never going to convince a Windows user to switch, and in fact is more likely to do the opposite - I know if I was on the fence, I wouldn't want to be associated with a bunch of children who resort to name-calling at every opportunity.

We have seen the enemy, and he is us.

(For the record, I use both MS and Linux, both personally and professionally, along with OS X and various virtualization platforms. Each has its uses, and while I agree that Linux is the better platform, my MS skills pay most of the bills.)
0 Votes
+ -
YOU'RE the one assuming
AzuMao 17th Dec 2008
That *nix OSs have vulnerabilities just like Windows ones do.

That, coupled with refusing to back up your claim in any way, is a very common Windows Fanboy stereotype.

If you don't want to come off as a deluded fanboy, simply don't act like one.
0 Votes
+ -
Just keep telling yourself that
AzuMao 15th Dec 2008
Windows fanboys have been going on and on for the past.. decade or so. So where's your uber exploit eh guys
0 Votes
+ -
Wow, I MUST switch to the Linux OS now, I MUST! Comments like these make me realize how empty my life is because I don't use Linux as an OS.

You Linux worshippers are so smart! You're smarter and better than any other users out there! I want to be like you!
0 Votes
+ -
It's very easy,
rarsa 15th Dec 2008
It's very easy to smart up. Really, just start using Linux.

No need to worship it. No need to be a fan boy. Just use it and enjoy safer computing. If there are things that you still need to do in Windows, then either dual boot or run it in a virtual.

It is not a must, but if you do you'll be glad. If you haven't done it you don't know what you are missing.

I know your post wasn't serious. Mine is. Honestly.
0 Votes
+ -
You are 100% correct.
ergodic 15th Dec 2008
I wholeheartedly agree with you. I have been using Linux for more than nine years and love it more every day.

Happy Holidays
0 Votes
+ -
Go away, troll.
AzuMao 15th Dec 2008
Shoo.
0 Votes
+ -
I have come across a program called Sandboxie that allows you to run your web browser (or pretty much anything else) in a "sandbox". When you open an attachment from an email, if there is malware or a virus, etc., it does not install on your system but is instead kept within the sandbox and does not actually get access to the system.

I'm sure it is not perfect but it is an extra line of defense I use to help protect against such things.

It can be found at www.sandboxie.com.
0 Votes
+ -
Sandboxie...
fairportfan 15th Dec 2008
...is great, but i believe you can't use it on Vista. (Not that i'm ever going to get a chance to find out.)
0 Votes
+ -
Don't use IE
sxfield@... 15th Dec 2008
Go to www.pendrivelinux.com and install Linux on a flash drive. Then boot the flash drive. Your main hard drive is accessible but protected (read only), and Firefox is the browser. This is good for two reasons:
1. Your local hard drive is read only,
2. Who cares if your flash drive gets a virus? Just wipe it and reinstall Linux (only takes a few minutes). Who writes viruses for Linux, anyway?

Dennis

P.s. I have used Sandboxie, and it does work. I tried to get my kids using it. They don't understand.
0 Votes
+ -
Sandboxie WORKS with 32 bit Vista
duhovnik 16th Dec 2008
Not entirely true. You can use Sandboxie on any 32 bit version of Vista. I did.

It does not work in 64 bit Vista with the newest patches. Without a specific patch (KB thingie), Sandboxie works even with the 64 bit version. Since Microsoft prevents correct function of the program, until Microsoft changes things or a workaround is found, nothing will change on the 64-bit version.

I must say that sandboxie is great, it's definitely worth a try.
0 Votes
+ -
sandboxie?
Jim4Prez 15th Dec 2008
Meh. It is OK. However, it is closed source and cost money. How in the world can you trust your browsing security to "sandboxie"? Seriously. You know as much about sandboxie as you do some Russian malware. Only the Malware is "free" happy


Since I switched all my home computers to Leopard and one Ubuntu server, I have had no issues AT ALL. I still need WinXP to do .Net dev, so I use a VM under OS X.


Works great and if some virus/malware/adware does get in, I just wipe and start from a known good image.


Really, there is no reason to run MS Windows anymore unless you are just a gamer. If that is the case, most of you should know how to lock down your systems to an acceptable level.


Anyway, having a piss-fight over my OS vs. your OS is just stupid. All have vulnerabilities. It is just that Microsoft never focused on end-user-security if the desktop is not inside of a domain. If you have a corp. desktop, with decent admins, you should be OK. If you are a home user, well, don't use IE, use Firefox. Or even better, at your next computer upgrade, just get an iMac or a Macbook. You WILL be pleasantly surprised.
0 Votes
+ -
I took the plunge a few months back and was having problems. So went to a user forum for help. I was having a prob installing it.
I have never met such a bigoted group of people on the net. Ok I admit I know nothing about the wee penguin, and admitted it and just got flamed. So if that is a typical Linux user response, I don't want to know.

Back to Micro$oft
0 Votes
+ -
mileage varies????
vilppuu@... 16th Dec 2008
I installed 64 bit Studio Ubuntu on a brand new AMD 64 bit box about 8 months ago after working with Knoppix and Ubuntu 7.08 on some other equipment. The computer maker (ASUS) and the re-seller flatly did not support any Linux for this model. I went to several forums and the best one I found for my "newbie" questions was (all one line):
http://www.linuxformat.co.uk/modules.php?op=modload&name=PNphpBB2&file=index
I got an awful lot of really friendly help, got some good info about linux, and leads to good linux information sources as well.
I am happy with the Linux machine. I have a Wintel and a Mac and each machine serves different tasks.
0 Votes
+ -
What forum was that?
AzuMao 16th Dec 2008
Tell us so we can avoid it.


That's pretty atypical.
0 Votes
+ -
RE: US-CERT: Beware of airline ticket e-mail scam
Non Compos Mentis 16th Dec 2008
Ryan: "somewhat unique" is like somewhat dead or somewhat pregnant. "Unique" doesn't need a qualifier.
0 Votes
+ -
RE: US-CERT: Beware of airline ticket e-mail scam
birumut Updated - 5th May 2011
Great!!! thanks for sharing this information to us!
seslisohbet seslichat
