Sophos: Popular airlines exploited by cybercriminals in the run-up to Christmas
December 2008 by Sophos
Sophos is advising email users to be extra cautious of messages relating to air travel as a widespread malicious spam campaign claims to relay information pertaining to non-existent transactions. The emails, pretending to come from well known carriers including US Airways, Delta and Virgin, claim that the recipient has registered an account with an airline and that their credit card has been charged.
Attached to the malicious spam messages is a ZIP file which contains ’purchase invoice and your airline ticket’. However, the file, analysed by SophosLabs, contains a Trojan horse, designed to steal information or allow hackers to secretly access the victim’s computer.
"These hackers are relying on the red mist of fury to blind you from common sense," said Graham Cluley, senior technology consultant at Sophos. "Many people will be arranging flights to visit families and loved ones over the Christmas break and may think that one of these spam messages is a genuine error. Anyone who makes flight bookings online should be careful when checking their inboxes for correspondence and wary of opening attachments."
Sophos recommends that all computer users exercise caution when opening unsolicited emails, and ensure they are fully defended against attacks, including spam, phishing and malware.