Debunking email hoaxes and exposing Internet scams since 2003!

Issue 159 - August, 2013 (1st Edition) - Page 6

Qantas 'E-Ticket Itinerary Receipt' Malware Email


An email purporting to be from Australian-based airline Qantas claims that recipients can view an 'E-Ticket Itinerary Receipt' by opening an attached file.


Brief Analysis
The email is not from Qantas.  The attached file contains malware.


Subject: Qantas Departure Information - 405F9F YUV BIN 3UE


Thank you for choosing to fly with Qantas.

Attached to this e-mail you will find your E-Ticket Itinerary Receipt and the Terms and Conditions of Carriage. Each passenger travelling is required to carry a printed copy of the E-Ticket document for check-in, immigration, customs, airport security checks and duty free purchases at the airport.
We have also provided some information below to help you prepare for the first flight of your journey. Flight details for all flights in your itinerary are included in your E-Ticket Itinerary Receipt attached.


Detailed Analysis

This email, which claims to be from Australian airline Qantas, advises recipients that they can access an E-Ticket itinerary receipt and terms and conditions of travel by opening an attached file. The email includes the Qantas logo and other information and links about travelling on the airline.

However, the email is not from Qantas and the attachment does not contain flight information as claimed.  In fact, the attachment harbours malware. The attachment comes in the form of a .zip file. Unzipping this file will reveal what at first glance may appear to be an innocent PDF. However, the file is actually a malicious .exe file, not a .pdf.  In an attempt to fool potential victims, the file has a double extension (.pdf.exe). Clicking on this disguised .exe file will install the malware on the victim's computer.
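A mail-filter style check for the disguise described above, as an added example that is not part of the original article: it lists the members of a .zip attachment and flags names where a document extension is followed by an executable one. The extension sets and sample file names are constructed assumptions, and the check also covers the space-padded variant, which goes beyond the .pdf.exe case in the text.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows will execute on double-click (illustrative, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Document-style extensions commonly used as the decoy (assumed list).
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def is_disguised_executable(name: str) -> bool:
    """True when a name ends in an executable extension preceded by a decoy one."""
    # Normalise: take the base name, lower-case it, and drop the padding
    # (spaces, trailing dots) sometimes inserted around the two extensions.
    base = PurePosixPath(name.replace("\\", "/")).name.lower()
    parts = [p.strip() for p in base.rstrip(". ").split(".")]
    if len(parts) < 3:
        return False
    return f".{parts[-1]}" in EXECUTABLE_EXTS and f".{parts[-2]}" in DECOY_EXTS


def scan_zip_attachment(data: bytes) -> list[str]:
    """Return the member names in a zip attachment that look like disguised executables."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            return [n for n in archive.namelist() if is_disguised_executable(n)]
    except zipfile.BadZipFile:
        # Not a readable zip: nothing to list, leave the verdict to other checks.
        return []


def build_sample_zip() -> bytes:
    """Constructed sample: harmless text bytes stored under attachment-style names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("E-Ticket_Itinerary.pdf.exe", b"placeholder, not a program")
        archive.writestr("Terms and Conditions.pdf", b"placeholder")
        archive.writestr("docs/receipt.pdf      .scr", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for member in scan_zip_attachment(build_sample_zip()):
        print("disguised executable:", member)
```

The check reads only the archive's file listing and never extracts or runs a member, so it is safe to apply to quarantined attachments.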

The exact purpose of this malware may vary in different incarnations of the scam.  However, such malware will typically steal personal and financial information from the compromised computer and send it to the criminals operating the malware campaign. It may also download and install more malware and allow criminals to take control of the infected computer.

The goal of the criminals is to panic at least a few recipients into opening the attachment because they mistakenly believe that flights have been booked in their name without their permission or knowledge. People who have actually booked Qantas flights recently might also open the file without due care.

To make the message seem more legitimate, secondary links in the email open the genuine Qantas website.

The Qantas version is just one in a series of very similar malware emails that have targeted users in recent years. Criminals have used the names of several other airline and travel companies, including Jetstar, Delta Airlines, American Airlines and Expedia.

If you receive any unsolicited and unexpected email claiming to contain travel or flight booking information, do not open any attachments or click on any links that it contains.


Last updated: July 25, 2013
First published: July 25, 2013
By Brett M. Christensen

Jetstar 'Flight Itinerary' Malware Email
Delta Air Lines Passenger Itinerary Receipt Malware Emails
American Airlines Flight Ticket Order Malware Emails
Expedia Travel Itinerary Malware Email
