US Election used as malware smokescreen

At first glance this looked like a “standard” email-malware attack. As with many similar attacks, the email pretends to be carrying an eticket attachment – this time from Delta. The zip file holds executable malware. In case we weren’t sure this is malware, here are some of the giveaways:

  • The “flight” predates the email by about 2 months (August 2012)
  • Delta doesn’t fly to Corpus Christi (OK, I had to look that one up…)
  • The very curt instructions: “you can print your ticket”
  • It’s Delta not “Delta Air Lines” 

At this point we would normally just file this as “eticket-email-malware”.

But wait… There’s more

There is text following that last line. It’s in a white font and so does not appear on most recipients’ screens. It reads:

  • US runs a 4th straight $1 trillion-plus budget gap
  • Obama team promises more aggressive president in second debate
  • Feisty Biden gives Democrats a reason to smile
  • Video: Issa: Budget cuts not issue in Libya attack
  • Obama team promises more aggressive president in second debate

In other words, legitimate-looking text designed to convince spam filters that this email is somehow genuine – and what could be more legitimate and genuine than the upcoming US election? If you used a blue background on all of your screens (and we’re sure you don’t) then you would have seen it immediately.