December 12th, 2008
The United States Computer Emergency Readiness Team (US-CERT) has issued an alert for an e-mail scam targeting holiday travelers, warning that malware authors are using clever social engineering tactics to hijack Windows computers.
In the e-mail scam, users get a .zip file attached to a message about an airline ticket and an ominous mention of a credit card balance. It appears to come from legitimate major airlines including Delta, JetBlue, Continental, American Airlines and Virgin America.
This .zip attachment appears to contain a purchase invoice and flight ticket. If a user opens this attachment, malicious code may be installed on the system.
The malware associated with this spam run is a Trojan downloader that’s typically used to drop other malicious programs on an infected machine. It was previously used in e-mail scams related to fake UPS invoices.
The use of social engineering lures alongside news events and holidays is tried-and-true so it’s no surprise to see this type of scam circulating at holiday time. However, the use of a fake “credit card balance” is somewhat unique, meant to scare unwary users into opening the rigged attachment.
US-CERT encourages users to do the following to help mitigate the risks:
- Install anti-malware software and keep the signatures up to date.
- Use extreme caution when opening attachments, even those that arrive from trust sources (these can be spoofed).
- Refer to the Recognizing and Avoiding Email Scams (.pdf) document for more information on avoiding email scams.
- Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.