FBI warns of renewed fake American Airlines email attack

09 January 2013

The FBI has warned that new malware is making the rounds, embedded within faux emails from American Airlines claiming to send order confirmations.

The phishing email is sent from the spoofed address "American Airlines," the FBI noted, and features the AA logo and an HTML skin with a button to click. But it doesn’t look like official AA emails, lacking the formatting and professional look of the real thing.

The malware was first discovered by MX Lab in November, when it intercepted samples of fake order confirmation emails. Links in those emails lead the user to a host with embedded JavaScript that downloads the malicious payload: a ZIP file with the innocuous name AA_Electronic_Ticket.zip. That extracts to AA_Electronic_Ticket.exe, which installs a trojan known as Spyware/Win32.Zbot, Win32/TrojanDownloader.Zortob.B or Trojan.Generic.KDV.783582.

The HTML also, bizarrely, contains three paragraphs of nonsensical text hidden from the user. A sample:

“Youl aske me why I rather choose to haue A weight of carrion flesh, then to receiue Three thousand DucatsIle not answer that But say it is my humor; Is it answered What if my house be troubled with a Rat, And I be pleasd to giue ten thousand Ducates To haue it baind What, are you answerd yet Some men there are loue not a gaping Pigge Some that are mad, if they behold a Cat And others, when the bag-pipe sings ith nose, Cannot containe their Vrine for affection. Masters of passion swayes it to the moode Of what it likes or loaths, now for your answer As there is no firme reason to be rendred Why he cannot abide a gaping Pigge…”

The attack has lingered on, sparking the FBI warning. The bottom line? If you haven't ordered a ticket from American Airlines, then don't click the link. And if you have, remember that there is no such thing as a downloadable e-ticket – any correspondence asking you to do so rather than view your information online should serve as a red flag.
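The indicators described above (a brand display name on an unrelated sender address, hidden text in the HTML body, and a ZIP that unpacks to an executable) can be checked mechanically at a mail or web gateway. The following is an added example, not part of the original article or of the FBI or MX Lab material; the sender domain `aa.com`, the inline-style hiding method, the 200-character threshold and the sample message are assumptions made for illustration.

```python
import io, re, zipfile
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser

EXEC_EXT = (".exe", ".scr", ".pif", ".com")
# Assumption: the hidden paragraphs are concealed with an inline style.
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0(?![.\d])", re.I)
VOID = {"br", "img", "hr", "input", "meta", "link"}

class HiddenText(HTMLParser):
    """Counts characters inside elements hidden by an inline style."""
    def __init__(self):
        super().__init__()
        self.stack, self.hidden_chars = [], 0
    def handle_starttag(self, tag, attrs):
        if tag not in VOID:
            style = dict(attrs).get("style") or ""
            self.stack.append(bool(HIDDEN.search(style) or (self.stack and self.stack[-1])))
    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()
    def handle_data(self, data):
        if self.stack and self.stack[-1]:
            self.hidden_chars += len(data.strip())

def email_findings(raw, brand="American Airlines", brand_domain="aa.com", min_hidden=200):
    """Return indicator names for one raw message; brand_domain is an assumption."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    found = []
    if brand.lower() in name.lower() and domain != brand_domain \
            and not domain.endswith("." + brand_domain):
        found.append("display-name-spoof")
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser = HiddenText()
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            if parser.hidden_chars >= min_hidden:
                found.append("hidden-text")
    return found

def zip_has_executable(data):
    """True if a downloaded ZIP (bytes) contains a member with an executable extension."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(n.lower().endswith(EXEC_EXT) for n in zf.namelist())

# Constructed sample message (not a captured one): spoofed display name plus a hidden block.
SAMPLE = ('From: "American Airlines" <orders@mail.example.net>\nSubject: Order confirmation\n'
          'Content-Type: text/html\n\n<html><body><a href="http://host.example/">View</a>'
          '<div style="display:none"><p>' + "filler words " * 30 + '</p></div></body></html>')
```

`email_findings(SAMPLE)` reports both mail indicators; `zip_has_executable` is meant for the downloaded archive, since the article describes the ZIP as fetched via a link rather than attached.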


Comments

Mahargs Drawde says:

10 January 2013
Interesting article, but I must say this is the first time I have heard The Merchant of Venice referred to as "Nonsensical Text"!
