US-CERT: Beware of airline ticket e-mail scam


In the e-mail scam, users receive a message about an airline ticket, with an ominous mention of a credit card balance and a .zip file attached. The message appears to come from legitimate major airlines, including Delta, JetBlue, Continental, American Airlines and Virgin America.
This .zip attachment appears to contain a purchase invoice and flight ticket. If a user opens this attachment, malicious code may be installed on the system.
The malware associated with this spam run is a Trojan downloader that's typically used to drop other malicious programs on an infected machine. It was previously used in e-mail scams related to fake UPS invoices.
The use of social engineering lures alongside news events and holidays is tried-and-true, so it's no surprise to see this type of scam circulating at holiday time. However, the use of a fake "credit card balance" is somewhat unique; it is meant to scare unwary users into opening the rigged attachment.
US-CERT encourages users to do the following to help mitigate the risks:
- Install anti-malware software and keep the signatures up to date.
- Use extreme caution when opening attachments, even those that arrive from trusted sources (these can be spoofed).
- Refer to the Recognizing and Avoiding Email Scams (.pdf) document for more information on avoiding email scams.
- Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.