Original URL: http://www.theregister.co.uk/2008/12/04/zip_malware_attacks/
Booby-trapped emails fly back into fashion
Trojan assault wave takes many guises
Posted in Security, 4th December 2008 16:21 GMT
Malicious email attachments disguised as airline ticket receipts are being spammed across the internet as part of a new attack [1]. The assault is the latest in a series of booby-trapped email attachments, which have seemingly become fashionable among VXers again after many months of playing second fiddle to website attacks.
The mendacious "ticket receipt" messages have a .zip file attached to them which, if opened on an unprotected Windows PC, results in infection by a Trojan horse, dubbed Invo-Zip [2] by anti-virus firm Sophos. The body text of the poison pill email claims to contain a receipt for travel tickets supposedly costing hundreds of dollars and booked through one of a number of well-known airlines.
Brands aped in the attacks include Virgin America, American Airlines, Continental Airlines and US Airways.
The ploy is similar to contract malware [3] scams detected by Sophos last week, which featured malicious .zip attachments disguised as changes to a contract. Some of these booby-trapped emails posed as messages from well-known firms like Starbucks, Apple and Google, while others claimed to be retirement plans.
Websense warned of a separate attack [4] earlier this week, in which supposed holiday coupon emails from well-known brands were actually spoofed messages loaded with a contaminated .zip file containing Trojan horse malware. ®
