Debunking email hoaxes and exposing Internet scams since 2003!


US Airways 'Flight Confirmation' Malware Emails

Outline
Emails purporting to be from US Airways claim to contain a flight confirmation code and suggest that users click a link to check in online and confirm reservation details.



Brief Analysis
The emails are not from US Airways. Those who click the link will be taken to bogus websites hosting a BlackHole toolkit, which criminals use to distribute an information-stealing trojan.

Detailed analysis and references below example.

Last updated: 5th April 2012
First published: 5th April 2012
Article written by Brett M. Christensen


Example
Subject: US Airways reservation confirmation.

You should check in from 24 hours and up to 60 minutes before your flight (2 hours if you're flying abroad). Then, all you need to do is print your boarding pass and go to the gate.

Confirmation code: 963401
Check-in online: Online reservation details

Flight 2126

Departure city and time Washington, DC (DCA) 10:00PM

Depart date: 4/5/2012

[Image: US Airways malware email]



Detailed Analysis
Emails which falsely claim to be from US Airways are currently being sent out by criminals intent on distributing malware. The emails supposedly contain a flight confirmation code and invite recipients to click a link to "Check-in online" and review reservation details.

However, the emails have no connection with US Airways. Those who fall for the ruse and follow the link will be taken to a website that advises the user to wait while the page loads. In reality, the page will redirect to several other sites until it arrives at a malicious website that harbours a BlackHole web attack toolkit. An April 5th, 2012 PC World article about this attack notes:
"BlackHole is a Web attack toolkit commonly used by cybercriminals to infect people's computers with malware. The toolkit exploits vulnerabilities in outdated versions of popular browser plug-ins like Java, Flash Player or Adobe Reader.

"In this particular attack, BlackHole is being used to distribute an information-stealing Trojan horse called GameOver, which is based on the much older ZeuS malware."

Subject lines in the malware emails vary. US Airways has alerted customers about the fake emails on its website.

The criminals bank on the fact that many recipients, surprised to receive a notification about a flight reservation that they have never made, will click on the link to check reservation details and thereby infect their systems. And, of course, in at least a few cases, recipients may really have booked a flight and are therefore more likely to follow the link without due care and attention.

In recent months, similar malware attacks have used the names of other US airlines including Delta Air Lines and American Airlines. If you receive one of these bogus reservation emails, do not click on any links or open any attachments that it may contain.
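
A mail-gateway check for the pattern described above, where a message uses the US Airways name but its link leads somewhere else. This is an added example, not part of the original article; the usairways.com allow-list, the example.net hosts and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions: the brand name to match and the domain it legitimately links to.
BRAND_WORDS = ("us airways",)
BRAND_DOMAINS = ("usairways.com",)

# Constructed sample modelled on the lure quoted above; example.net is a placeholder.
SAMPLE = '''From: "US Airways" <reservations@mailer.example.net>
Subject: US Airways reservation confirmation.
Content-Type: text/html; charset="utf-8"

<p>Confirmation code: 963401</p>
<p>Check-in online: <a href="http://landing.example.net/wait">Online reservation details</a></p>
<p><a href="https://www.usairways.com/">US Airways home</a></p>
'''

class HrefCollector(HTMLParser):
    """Collects the href of every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def on_brand_domain(host):
    """True for the brand domain or a subdomain, not for lookalike prefixes."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def suspicious_links(raw_email):
    """Return web links that leave the brand's domain in mail claiming the brand."""
    msg = message_from_string(raw_email)
    claimed = (parseaddr(msg.get("From", ""))[0] + " " + msg.get("Subject", "")).lower()
    if not any(word in claimed for word in BRAND_WORDS):
        return []  # message does not claim to be from the brand
    collector = HrefCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    return [href for href in collector.hrefs
            if urlsplit(href).scheme in ("http", "https")
            and not on_brand_domain(urlsplit(href).hostname)]

if __name__ == "__main__":
    print(suspicious_links(SAMPLE))
```

Because the subject lines vary, the check keys on the sender display name as well as the subject, and it compares hosts by suffix so that a lookalike such as usairways.com.example.net is still flagged.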


References
Rogue US Airways-themed Emails Distribute ZeuS-based Malware
US Airways - Scam alert
Delta Air Lines Passenger Itinerary Receipt Malware Emails
American Airlines Flight Ticket Order Malware Emails
