At first glance this looked like a “standard” email-malware attack. As with many similar attacks, the email pretends to be carrying an eticket attachment – this time from Delta. The zip file holds executable malware. In case we weren’t sure this is malware, here are some of the giveaways:
- The “flight” predates the email by about 2 months (August 2012)
- Delta doesn’t fly to Corpus Christi (OK, I had to look that one up…)
- The very curt instructions: “you can print your ticket”
- It’s Delta not “Delta Air Lines”
At this point we would normally just file this as “eticket-email-malware”.
But wait… There’s more
There is text following that last line. It’s in a white font and so does not appear on most recipients’ screens. It reads:
- US runs a 4th straight $1 trillion-plus budget gap
- Obama team promises more aggressive president in second debate
- Feisty Biden gives Democrats a reason to smile
- Video: Issa: Budget cuts not issue in Libya attack
- Obama team promises more aggressive president in second debate
In other words, legitimate-looking text designed to convince spam filters that this email is somehow genuine – and what could be more legitimate and genuine than the upcoming US election? If you used a blue background on all of your screens (and we’re sure you don’t) then you would have seen it immediately.
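A filter can look for this trick directly by flagging text whose font colour matches the background it is rendered on. The sketch below is an added example, not code from the original post: the function and class names are hypothetical, the sample HTML is constructed (the real message's markup is not shown here), and it assumes a single page-wide background colour.

```python
import re
from html.parser import HTMLParser

WHITE = {"#fff", "#ffffff", "white", "rgb(255,255,255)"}
VOID = {"br", "img", "hr", "meta", "input", "link"}
def _norm(colour):
    return re.sub(r"\s+", "", colour or "").lower()

class HiddenTextFinder(HTMLParser):
    """Collect text whose colour equals the assumed page background (per-element backgrounds are ignored)."""
    def __init__(self, background="white"):
        super().__init__()
        self.bg = WHITE if _norm(background) in WHITE else {_norm(background)}
        self.stack = []   # (tag, effective text colour) per open element
        self.hidden = []

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        a = dict(attrs)
        colour = self.stack[-1][1] if self.stack else None  # inherit from parent
        if tag == "font" and a.get("color"):
            colour = _norm(a["color"])
        m = re.search(r"(?<![-\w])color\s*:\s*([^;]+)", a.get("style") or "", re.I)
        if m:  # CSS "color:", the lookbehind skips "background-color:"
            colour = _norm(m.group(1))
        self.stack.append((tag, colour))

    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, -1, -1):  # tolerate unclosed children
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        text = data.strip()
        if text and self.stack and self.stack[-1][1] in self.bg:
            self.hidden.append(text)

def find_hidden_text(html, background="white"):
    parser = HiddenTextFinder(background)
    parser.feed(html)
    parser.close()
    return parser.hidden

# Constructed sample body (not the original message's markup).
SAMPLE = ('<html><body><p>You can print your ticket.</p><font color="#FFFFFF">'
          'US runs a 4th straight $1 trillion-plus budget gap<br>'
          'Feisty Biden gives Democrats a reason to smile</font>'
          '<p style="background-color: white; color: #000">Regards</p></body></html>')
```

Calling `find_hidden_text(SAMPLE)` returns the two headline strings, while `find_hidden_text(SAMPLE, background="blue")` returns an empty list, which is the blue-screen case above: on that background the text is visible, so it is not flagged.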