Did you receive a confirmation email for a hotel reservation that you don’t recall making?
Don’t worry, it doesn’t mean there’s someone parading around booking hotel reservations in your name. There is a good chance that the email is seeking to infect your PC with malware, though.
The email poses as a reservation confirmation from Booking.com, a hotel reservation website owned and operated by Priceline.com:
Subject: Hotel Reservation Confirmation
Date: Thu, 12 Jul 2012 17:51:47 +0800
We have received a reservation for your hotel.
Please refer to attached file now to acknowledge the reservation and see the reservation details:
Arrival: Tuesday, 31 July ‘12
Number of rooms: 1
Customer Service Team
Your reference ID is: [random string]
The Booking.com reservation service is free of charge. We do not charge you any booking fees or administration fees, and in many cases room offer free cancellation. Booking.com guarantees rates in both cities and regional destinations – ranging from small family hotels to luxury hotels.
Attached to the email is a file named Hotel-Reservation-Confirmation_from_Booking.exe, which is actually a nasty piece of malware that Sophos detects as Mal/Katusha-F.
Should Mal/Katusha-F make its way onto your PC, it will create or modify system registry keys and open a backdoor, granting an attacker remote access to the machine to do whatever they please (steal data, download additional malware, etc.).
If you happen to receive one of these emails, you’re advised to:
- Avoid downloading any attached files.
- Delete the email immediately.
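On the mail-filtering side, the attachment described above can be flagged before it reaches an inbox, because it is a Windows executable sent directly as an attachment. The following is an added example, not part of the original post or any Sophos tooling: the function names, the example.invalid addresses and the sample message (which carries harmless placeholder bytes, not the malware) are constructed for illustration.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Extensions Windows runs directly when the file is double-clicked.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}

def risky_attachments(raw_bytes):
    """Return [(filename, reason), ...] for attachments that look executable."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        ext = os.path.splitext(name)[1].lower()
        # Check content first: a PE file starts with "MZ" whatever it is named.
        if payload[:2] == b"MZ":
            findings.append((name, "PE/MZ header"))
        elif ext in EXECUTABLE_EXTS:
            findings.append((name, "executable extension"))
    return findings

def build_sample(exe_payload=b"MZ" + b"\x00" * 62):
    """Constructed message shaped like the one in this post (placeholder bytes only)."""
    m = EmailMessage()
    m["Subject"] = "Hotel Reservation Confirmation"
    m["From"] = "reservations@example.invalid"   # constructed address
    m["To"] = "user@example.invalid"             # constructed address
    m.set_content("Please refer to attached file now to acknowledge the reservation.")
    m.add_attachment(exe_payload, maintype="application", subtype="octet-stream",
                     filename="Hotel-Reservation-Confirmation_from_Booking.exe")
    # Benign constructed attachment, to show that ordinary files pass.
    m.add_attachment(b"%PDF-1.4 placeholder", maintype="application",
                     subtype="pdf", filename="itinerary.pdf")
    return m.as_bytes()

if __name__ == "__main__":
    for name, reason in risky_attachments(build_sample()):
        print(f"QUARANTINE {name}: {reason}")
```
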