Original URL: http://www.theregister.co.uk/2008/12/04/zip_malware_attacks/
Booby-trapped emails fly back into fashion
Trojan assault wave takes many guises
Posted in Spam, 4th December 2008 16:21 GMT
Malicious email attachments disguised as airline ticket receipts are being spammed across the internet as part of a new attack (http://www.sophos.com/blogs/gc/g/2008/12/04/email-malware-flying-high). The assault is the latest in a series of booby-trapped email attachments, which have seemingly become fashionable among VXers again, after many months of playing second fiddle to website attacks.
The mendacious "ticket receipt" messages have a .zip file attached to them which, if opened on an unprotected Windows PC, results in infection by a Trojan horse, dubbed Invo-Zip (http://www.sophos.com/security/analyses/viruses-and-spyware/trojinvozip.html) by anti-virus firm Sophos. The body text of the poison pill email claims to contain a receipt for travel tickets supposedly costing hundreds of dollars and booked through one of a number of well-known airlines.
Brands aped in the attacks include Virgin America, American Airlines, Continental Airlines and US Airways.
The ploy is similar to contract malware (http://www.sophos.com/blogs/gc/g/2008/11/28/contract-of-many-disguises-contains-trojan-horse) scams detected by Sophos last week, which featured malicious .zip attachments disguised as changes to a contract. Some of these booby-trapped emails posed as messages from well-known firms like Starbucks, Apple and Google, while others claimed to be retirement plans.
Websense warned of a separate attack (http://securitylabs.websense.com/content/Alerts/3250.aspx) earlier this week, in which supposed holiday coupon emails from well-known brands were actually spoofed messages loaded with a contaminated .zip file containing Trojan horse malware. ®
