Threat Intelligence Blog

Loyal blog readers may remember the airline ticket notification malware scam we warned of last month. The campaign appears to be continuing, as another airline ticket confirmation notice is making the rounds this week. The subject line observed by Cyveillance Labs was “Your ticket #00508554 is ready”, and the sender appeared as “Delta Air”. The attachment observed was a version of the Weelsof Trojan, with MD5 hash ee1f420a7e478d73e7d00e19dcea2f91. Details of the malware can be found on various A/V and security sites.

The body of the message is shown below:

******************

Order Notification,

ELECTRONIC TICKET NUMBER / ET-61724714
SEAT / 62E/ZONE 3
DATE / TIME 12 NOVEMBER, 2014, 11:35 PM
ARRIVING / San Jose
FORM OF PAYMENT / CC
TOTAL PRICE / 291.15 USD
REF / EF.7777 ST / OK
BAG / 5PC

Please find your ticket attached.
You can print your ticket.

Thank you
Delta Air Lines.

******************
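For mail triage, the indicators reported above (subject line, "Delta Air" display name, attachment MD5) can be checked against a raw message. This is an added example, not part of the original post; the variable ticket number, the `delta.com` sender-domain check, and the sample message are assumptions or constructed values.

```python
import email
import hashlib
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# MD5 of the Weelsof attachment as reported in the post.
KNOWN_BAD_MD5 = {"ee1f420a7e478d73e7d00e19dcea2f91"}
# Assumption: the ticket number varies per message, so match any digits.
SUBJECT_RE = re.compile(r"^Your ticket #\d+ is ready$", re.I)
# Assumption: genuine airline mail is sent from delta.com or a subdomain.
BRAND_RE = re.compile(r"\bdelta\s+air\b", re.I)
BRAND_DOMAIN = "delta.com"

def triage(raw_bytes, bad_md5=KNOWN_BAD_MD5):
    """Return the list of campaign indicators a raw RFC 5322 message matches."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    if SUBJECT_RE.match(str(msg["Subject"] or "").strip()):
        hits.append("subject")
    # Display name claims the brand, but the address domain does not belong to it.
    name, addr = parseaddr(str(msg["From"] or ""))
    domain = addr.rpartition("@")[2].lower()
    on_brand = domain == BRAND_DOMAIN or domain.endswith("." + BRAND_DOMAIN)
    if BRAND_RE.search(name) and not on_brand:
        hits.append("sender-mismatch")
    # Hash every decoded attachment and compare against the known-bad set.
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if hashlib.md5(payload).hexdigest() in bad_md5:
            hits.append("attachment-md5:" + (part.get_filename() or "unnamed"))
    return hits

def build_sample():
    """Constructed message mimicking the lure; the attachment is harmless bytes."""
    m = EmailMessage()
    m["From"] = '"Delta Air" <tickets@mailer.example>'
    m["To"] = "user@corp.example"
    m["Subject"] = "Your ticket #00508554 is ready"
    m.set_content("Please find your ticket attached.")
    m.add_attachment(b"constructed harmless bytes", maintype="application",
                     subtype="octet-stream", filename="ticket.zip")
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample()))
```

The constructed attachment does not match the reported MD5, so only the subject and sender checks fire on the sample; a hash hit alone should be treated as the strongest of the three signals.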

 
