Phony Delta, American Airlines itineraries lead to malware

A malware-email outbreak in the past 24 hours uses phony Delta Air Lines itineraries to entice users to click on the embedded links.

The social engineering in an attack like this is very effective, particularly since the email looks authentic:

  • If you are planning a trip, this itinerary will look all wrong and you might click to correct the errors
  • If you hadn’t ordered any tickets, you might click to sort out the misunderstanding and prevent any incorrect charges

The email uses URL redirection to a malicious site that exploits Adobe Flash Player (CVE-2011-0611) and the Java plugin LaunchJNLP docbase vulnerability (CVE-2010-3552) to download and execute a binary from the URL “hxxp://uk—.com/w.php?f=21&e=8”. The exploit chain used in this campaign is similar to the one used in the NACHA payment scam. The JavaScript on the landing page is built on the fly from data included on the same page, so the exploit code is not visible in a plain reading of the HTML and only appears once the page’s own decoder runs.

Command Antivirus detects the downloaded binary as W32/Cridex.A, a trojan that focuses on stealing sensitive financial data (email and online banking credentials, etc.).

Earlier in the month we received another spoofed airline ticket email – this one “from” American Airlines:

The second example carries an attached zip file, “AA_Ticket_#5013.zip”, containing an executable, “AA_Ticket.exe”. The extracted file displays an MS Word document icon, and since Windows hides known file extensions by default it passes as a ticket document. Command Antivirus detects it as W32/Trojan3.DAB, a downloader that fetches additional malware onto the compromised system, similar to the Bredolab Trojan.

Keeping your antivirus definitions up to date and updating Adobe Flash Player and the Java plugin to their latest versions will protect you against the exploit chain in the Delta email. The American Airlines variant needs no exploit, only a user who opens the attachment, so treat zip attachments that contain executables as suspicious regardless of the icon they show.

Email text of the Delta email:

Thank you for choosing Delta. We encourage you to review this information before your trip. If you need to contact Delta or check on your flight information, go to delta.com, call 800-221-1212 or call the number on the back of your SkyMiles© card.

Now, managing your travel plans just got easier. You can exchange, reissue and refund electronic tickets at delta.com. Take control and make changes to your itineraries at delta.com/itineraries.

Speed through the airport. Check-in online for your flight.

Flight Information

DELTA CONFIRMATION #: F2W579
TICKET #: 53246012375325

Day  Date   Flight      Status  Bkng Class  City              Time   Meals/Other  Seat/Cabin
---  -----  ----------  ------  ----------  ----------------  -----  -----------  ----------
Sun  26NOV  DELTA 116   OK      U           LV NYC-KENNEDY    515P   F            45A COACH
                                            AR SAN FRANCISCO  916P
Thu  1DEC   DELTA 1837  OK      K           LV SAN FRANCISCO  1230P  V            32A COACH
                                            AR NYC-KENNEDY    702A#

Baggage and check-in requirements vary by airport and airline, so please check with the operating carrier on your ticket.

Please review Delta’s check-in Requirements and baggage guidelines for details.

You must be checked in and at the gate at least 15 minutes before your scheduled departure time for travel inside the United States.

You must be checked in and at the gate at least 45 minutes before your scheduled departure time for international travel.

For tips on flying safely with laptops, cell phones, and other battery-powered devices, please visit http://SafeTravel.dot.gov.

Do you have comments about our service? Please email us to share them with us.
