« You Did NOT Win a FREE $1000 Apple iPad 2! | Main | Phony Invoice Malware Delivery »

November 03, 2011

Today I saw the umpteenth variation of a long-running campaign designed to trick recipients into opening a dangerous attached file. This one tries to get your adrenalin flowing by claiming to be an airline ticket ready for you to use to JFK in New York:

From: "American Airlines" <report-no.754@aa.com>
Subject: Order has been completed

Hello,

FLIGHT NUMBER 983
ELECTRONIC 566673600
DATE & TIME / NOVEMBER 09, 2011, 11:53 PM
ARRIVING / NEW YORK JFK
TOTAL PRICE / 214.34 USD

Your bought ticket is attached to the letter as a scan document.
To use your ticket you should print it.

Thank you for using our airline company services.
American Airlines.

[attached file: AA_Ticket_#3713.zip]

I assume that various numbers in the message will vary from message to message.

Logic dictates that if an airline were to send you this kind of information, it would mention the departure city. Perhaps this is part of the lure to malware file: gotta click it to find out if the ticket is from your nearest airport, right?

Additionally, a quick check with the American Airlines web site reveals that the flight number in my message is for a trip that goes from Minneapolis to Miami to Guatemala City. You'd have a tough time getting off at JFK in the hopes of snagging a "Book of Mormon" ticket.

Opening that file is a one-way ticket to Hell (not the one in Michigan).