Malware delivered with fake hotel reservations

We wrote last week about Malware delivered with fake Craigslist fax-to-email notifications.This week’s malware delivery mechanism is a fake email notification from the well-known online hotel reservations portal booking.com.

 

The malware is delivered when you click on “Print Booking Details” via an archive which should contain the form with the reservation details. In order to fool the user to open and execute the binary file, the email contains the following text:

However in order to guarantee its keeping, you have to refresh the credit card date during 36 hours after this message receiving.

In order to create a feeling of emergency, the email also contains a warning of what would happen if the user doesn’t “print” the booking receipt:

If you do not update your credit card date, a penalty for reservation cancellation or prepayment of  126$, which is provided under the terms of booking will be imposed.

You, as a reader of this security blog, know that you should never, ever open attachments of emails, especially,  from emails that you never requested. And, if the attachment is a ZIP file and if in that file you see an executable (.exe, .pif, .scr, .com) or a known file associated with an executable (e.g.: .swf, .pdf, .jar) then you should immediately delete the email.

In this case, the executable is a Trojan detected by all Avira products as TR/Agent.23552.280.  This program downloads additional malware from various URLs and transforms you computer in a bot.

At the moment of writing this article the malicious payload is detected only by a couple of AV products (according to VirusTotal). I assume that the detection will be slowly rolled out by all products. In the meanwhile, stay safe and keep you Avira product up to date.

 

Sorin Mustaca

IT Security Expert

 

via Avira – TechBlog http://techblog.avira.com/2013/01/29/malware-delivered-with-fake-hotel-reservations/en/


© Copyright 2013 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity

Check www.mustaca.com for the IT Consulting services I offer.
Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie http://de.itsecuritynews.info für IT Sicherheits News auf Deutsch

About the Author

Sorin Mustaca
Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, is working since year 2000 in the IT Security industry and worked between 2003-2014 for Avira as Product Manager for the known products used by over 100 million users world-wide. Today he is an independent IT Security Consultant focusing on Cybersecurity, secure software development and security for IoT and Automotive. He is also running his personal blog Sorin Mustaca on Cybersecurity and is the author of the free eBook Improve your security .

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close