The evolution of malware is well underway.  Initially, phishing emails claimed to be from financial institutions.  Most people have now caught on to the fact that an email claiming to be from your bank probably isn't.

So the scammers and malware authors have branched out, using shipping companies, online auction sites, and other such businesses to try to sucker you in.  I've written about some of these before.

An email I received recently has gone even further, though.  Now, they're using airlines, under the pretense that you've bought a ticket, your credit card has been charged, and the invoice and ticket are attached to the email.

[Image: Delta airlines eticket trojan scan results]

The email came to me with a subject line of:

Online order for airplane ticket N648365

and email body text of:

Good afternoon,
Thank you for using our new service "Buy airplane ticket Online" on our website.
Your account has been created:

Your login: [email address obfuscated]
Your password: G6vFjbdp

Your credit card has been charged for $998.63.
We would like to remind you that whenever you order tickets on our website you get a
discount of 10%!
Attached to this message is the purchase Invoice and the airplane ticket.
To use your ticket, simply print it on a color printed, and you are set to take off
for the journey!

Kind regards,
Delta Air Lines

My login name was my actual email address, which I've obfuscated for security reasons.

The trojan was in an attached file, "eTicket.zip", which was 209 kilobytes in size. When detached from the email and saved to my computer, it was 153 kilobytes.  The size difference is due to the way email attachments are encoded to be sent.
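The size difference described above can be reproduced during attachment triage. The following Python sketch is an added example, not code from the original post: it parses a constructed message, compares the attachment's encoded size with its decoded size, hashes it, and lists zip member names without extracting anything. The addresses, the zip member name and its placeholder bytes are assumptions made up for the sample.

```python
import hashlib, io, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".js", ".vbs")

def build_sample() -> bytes:
    """Constructed sample message; the zip member name and bytes are made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("eTicket.exe", b"\x00" * 3000)  # inert placeholder bytes
    msg = EmailMessage()
    msg["Subject"] = "Online order for airplane ticket N648365"
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg.set_content("Attached to this message is the purchase Invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="eTicket.zip")
    return msg.as_bytes()

def triage(raw: bytes) -> list[dict]:
    """Report wire size vs. saved size, hash and zip members per attachment."""
    report = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        encoded = part.get_payload()           # base64 text as transmitted
        data = part.get_payload(decode=True)   # bytes as saved to disk
        entry = {
            "filename": part.get_filename(),
            "encoded_size": len(encoded),
            "decoded_size": len(data),
            "overhead": round(len(encoded) / len(data), 2),
            "sha256": hashlib.sha256(data).hexdigest(),
            "risky_members": [],
        }
        if zipfile.is_zipfile(io.BytesIO(data)):
            # Read the member names only; nothing is extracted or executed.
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                entry["risky_members"] = [n for n in zf.namelist()
                                          if n.lower().endswith(RISKY_EXT)]
        report.append(entry)
    return report

if __name__ == "__main__":
    for e in triage(build_sample()):
        print(e)
```

The overhead comes out at roughly a third, in line with the 209 versus 153 kilobytes seen here.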

As of now, the trojan isn't detected by McAfee or Trend Micro. Symantec/Norton does detect it, but it doesn't really know what it is for sure, as it's simply marked as "Suspicious".

The full-size image of the scan results isn't yet on the site, but it'll be there shortly.