Webroot is cautioning users not to fall for spam emails posing as notifications from American Airlines stating that their ticket is all set and ready for download.
This spam campaign isn’t exactly new, although previous versions may have had malicious files attached directly to the email itself.
Here’s what the current variant looks like:
Your bought ticket is attached to the letter as a scan document.
To use your ticket you should Download It.
The embedded link will prompt users to download an executable, “Electronic Ticket.exe”, that only 10 of 46 antivirus products will identify as malware.
Dr. Web antivirus detects the threat as BackDoor.Kuluoz.4. Once it has infected your system, BackDoor.Kuluoz.4 will modify system files, inject itself into system processes and connect to a list of command & control servers.
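A mail-triage check for the lure described above, as an added example that is not part of the original advisory: it flags a message whose body says a file is attached while offering only a link, and any directly attached executable. The sample message (sender, subject, URL) is constructed, and the function and pattern names are hypothetical.

```python
import re
from email import message_from_string, policy

# Constructed sample modeled on the lure text quoted above; the sender,
# subject and URL are placeholders, not values from the real campaign.
SAMPLE_EML = """\
From: "American Airlines" <tickets@example.com>
To: user@example.com
Subject: Your ticket is ready
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your bought ticket is attached to the letter as a scan document.</p>
<p>To use your ticket you should <a href="http://example.com/get?id=1">Download It</a>.</p>
</body></html>
"""

CLAIMS_ATTACHMENT = re.compile(r"\b(is|are)\s+attached\b|\bsee\s+attach", re.I)
LINK = re.compile(r"""href\s*=\s*["']?(https?://[^"'\s>]+)""", re.I)
RISKY_EXT = (".exe", ".scr", ".pif", ".com")

def triage(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings, text, names = [], "", []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if filename:
            names.append(filename)
        elif part.get_content_maintype() == "text":
            text += part.get_content()
    links = LINK.findall(text)
    # Lure pattern from this campaign: the body promises an attachment,
    # but the "ticket" is only reachable through a link.
    if CLAIMS_ATTACHMENT.search(text) and not names and links:
        findings.append("claims attachment but only links: " + ", ".join(links))
    # Earlier variants may have attached the file directly.
    for name in names:
        if name.lower().endswith(RISKY_EXT):
            findings.append("executable attachment: " + name)
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_EML):
        print(finding)
```
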
Did You Get this Spam Email?
If you received a copy of this spam email, it is advised that you:
- Do not click on any links within the email.
- Do not download any files that may be attached or linked from this email.
- Forward a copy of the email, including the header, to email@example.com.
- Delete the email immediately.
If You Downloaded Any Files…
If you made the mistake of clicking the link or opening any files attached to spam emails resembling the one above, you are advised to perform a full system scan using an antivirus solution offered by one of the following vendors:
- Dr. Web
Their products are capable of detecting and removing the threat associated with this attack. Be sure to be more careful in the future!