Mass Fake Delta Airlines Ticket Confirmation Email Message

Date:03.05.2009

Threat Type: Malicious Web Site / Malicious Code

Websense® Security Labs™ ThreatSeeker™ Network has discovered a scam involving the spread of email messages disguised as coming from Delta Airlines. As of right now, we have received more than 3000 samples in a week, and the number keeps increasing.

The email messages have the subject "Confirmation of ticket purchase at www.delta.com," and ask recipients to print a supposed "PASSENGER ITINERARY RECEIPT" attached to the message. The attachment is actually a Trojan (SHA1: d353f2758bbfb2211c6e3d59890e87080d14da85) file which still can escape detection by some antivirus products. Email recipients who run the attached Trojan will probably fall into the black hat hackers' trap.

Screenshot of the fake email:

Websense Messaging and Websense Web Security customers are protected against this attack.

•  Subscribe to this feed »