DarkFiber Consulting is aware of public reports indicating that a new email attack is circulating. This attack uses email messages that appear to be from legitimate airlines and contain information about a bogus e-ticket. These email messages instruct the user to open the attachment to obtain the e-ticket. If a user opens this attachment, a file may be executed to infect the user’s system with malicious code.
Reports, including a posting by Sophos, indicate that these messages have the following characteristics. Please note that these attributes may change at any time.
- The subject line “E-Ticket#XXXXXXXXXX”
- An attachment named “eTicket#XXXX.zip”
DarkFiber Consulting encourages users and administrators to take the following preventative measures to help mitigate the security risks:
- Install anti-virus software, and keep its virus signature file up to date.
- Do not open attachments in unsolicited email messages.
- Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
- Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.