RESEARCH BLOG

Your Flight Order

How many times have people been warned not to open suspicious emails?

Email threats have existed for quite some time, and warnings about them are everywhere in the media. Most people, even those new to computer use, know about the danger but are still tricked by the social engineering techniques that some smart malware creators use. As a result, users’ machines are infected over and over again.

Although the subjects of these emails may vary, their main purpose is the same: to trick the recipient into believing that the email is real and from a secure source. Sometimes malware writers keep the subjects simple, like “Order N6789” or “Ticket N6765” or even “Your flight Order N9897.”

For example, one of our customers had been waiting for his flight confirmation after purchasing tickets on the internet. He then received an email with “Your flight Order” as the subject. He opened it. Unfortunately, this email got through the customer’s mail server and did not look suspicious to him.

 

[Image: your flight order email]

Even the fact that the attachment was inside a ZIP archive did not seem suspicious to our customer. But when he tried to download the attachment, our AV software detected malicious files and the customer’s computer was saved.

Without this Anti-Virus protection, the recipient of this email would have discovered the following file:

[Image: your flight order file]

With the use of a fake icon, this file looks like a real PDF document, but it is not a document at all! Total Defense’s ISS detected this file as “Win32/Ransom.IOINQCC Trojan”, a file that belongs to a huge and dangerous malware family. Once executed, this malicious file will attempt to lower the security levels of the infected computer, try to download and execute various other programs and files without the user’s knowledge, and finally give complete control of the infected computer to the cyber-criminal.
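One way a mail gateway or analyst could flag this kind of attachment before a user ever sees the icon, shown as an added example (not code from Total Defense or from the original post): it opens a ZIP in memory and reports members that are Windows executables by extension or by their MZ header, plus members named .pdf whose content is not a PDF. The extension list, file names and sample archive are constructed assumptions.

```python
import io
import os
import zipfile

# Extensions Windows runs directly (illustrative assumption, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".cpl"}
PE_MAGIC = b"MZ"       # first bytes of a Windows executable
PDF_MAGIC = b"%PDF-"   # first bytes of a genuine PDF


def inspect_zip_attachment(data: bytes) -> list[tuple[str, str]]:
    """Return (member name, reason) for each suspicious archive member."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:  # encrypted: content cannot be checked
                findings.append((info.filename, "encrypted member"))
                continue
            with archive.open(info) as member:
                head = member.read(5)
            ext = os.path.splitext(info.filename.lower())[1]
            # Content is checked first: an icon or a name can lie, the header cannot.
            if head.startswith(PE_MAGIC):
                findings.append((info.filename, "PE header (MZ) in content"))
            elif ext in EXECUTABLE_EXTS:
                findings.append((info.filename, "executable extension"))
            elif ext == ".pdf" and not head.startswith(PDF_MAGIC):
                findings.append((info.filename, "named .pdf but content is not PDF"))
    return findings


def build_sample_zip(members: dict[str, bytes]) -> bytes:
    """Build a constructed in-memory ZIP so the example runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, content in members.items():
            archive.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip({
        "Flight_Order.exe": b"MZ" + b"\x00" * 62,        # constructed stub, not malware
        "itinerary.pdf": b"%PDF-1.4\n% constructed\n",   # constructed benign PDF header
    })
    for name, reason in inspect_zip_attachment(sample):
        print(f"{name}: {reason}")
```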

This email also included a malicious link, which pointed the user to a fake internet site that is used to deceive users and get their personal information.

Everyone needs to be more careful when opening incoming emails. Remember, never open emails from unknown sources, and keep your AV software updated and enabled at all times.

 

By Alex Polischuk.