Bogus Delta Airline Emails Spawn Malware Infection


An expected 42.5 million people will be traveling for the Thanksgiving holiday next week. Many of them will be traveling by air to their destination. That makes this week well timed for a malware attack that poses as an email confirmation from an airline. A few weeks ago we started monitoring a malicious email campaign that was posing as email notices from American Airlines. Those messages were delivering a malware infection that has often been linked to scareware scams in the past. Today, we are seeing a new message campaign that purports to come from Delta Airlines and also poses as a ticket confirmation.

The ‘from’ address is made to appear as DeltaElectronicTicketReceipt@delta[dot]com. The message is peppered with links that lead to a website containing malicious JavaScript, which uses a heap spray attack and leads to malware installation. Our analysis of the newly added files indicates an infection of our old friend Pushdo (aka Cutwail, Pandex). The Pushdo botnet has been around since 2007 and has often been known to use fake invoices as a preferred social engineering tactic.

Here is a look at the message:

While these types of attacks have become very common, the holidays are a vulnerable time for people. With so many holiday travelers flying this Thanksgiving, these messages may pique more interest than they ordinarily would. In addition to travel-related attacks, spammers will also be looking to capitalize on fake store receipts and other shopping-related attacks throughout the holidays. Be on the lookout for an escalation of this activity this holiday season.

