Airlines warn customers of infected ticket invoices
Attachment contains same Trojan horse that stole 1.6M records from Monster.com last year
Computerworld - Several airlines, including Delta Air Lines Inc. and Northwest Airlines Corp., have warned customers that bogus e-mails posing as ticket invoices contain malware and urged them to immediately delete the messages.
The e-mails, which purport to be from an airline, thank the recipient for using a new "Buy flight ticket Online" service on the airline's site, provide a log-in username and password, and say the person's credit card has been charged an amount usually in the $400 range. An attachment claims to be the invoice for the ticket and credit card charge.
However, the .zip file format attachment is a Trojan horse that steals information, including keystrokes, from the infected Windows PC and transmits that data to a server hosted in Russia, according to McAfee threat researcher Craig Schmugar. McAfee has pegged the malware as "Spy-Agent.bw," but other security firms have given it different names. For example, Symantec Corp. has labeled the same Trojan horse as "Infostealer.Monstres."
Infostealer.Monstres first made a name for itself almost a year ago, when it was used to rip off more than 1.6 million customer records from Monster Worldwide Inc., the company that operates the popular Monster.com recruiting Web site.
"Customers should be aware that these e-mails are not coming from the airline," said Al Lenza, vice president of e-commerce at Northwest, in a statement last week. "NWA itineraries are specific and contain information that a customer will recognize. If the format does not look familiar to you, and you have not recently purchased a ticket, do not open the attachment. Delete the e-mail right away."
Other airlines that issued warnings include Delta, Sun Country Airlines and Midwest Airlines Inc. "Be assured that Sun Country did not send this e-mail and charged nothing to your credit card," an alert posted to Mendota Heights, Minn.-based Sun Country's site read. "We have reported these e-mails to Yahoo, Hotmail and the United States Computer Emergency Readiness Team."
Earlier last week, McAfee raised the alarm about a similar spam run of e-mails harboring the same Trojan horse. That campaign, however, sent messages posing as invoices from package delivery company United Parcel Service Inc.
Read more about Security in Computerworld's Security Topic Center.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts