Booking.com Spam Wants to Confirm a Spot for Malware on Your PC

Did you receive a confirmation email for a hotel reservation that you don’t recall making?

Don’t worry, it doesn’t mean there’s someone parading around booking hotel reservations in your name. There is a good chance that the email is seeking to infect your PC with malware, though.

The email poses as a confirmation email from Booking.com, a hotel reservation booking website owned and operated by Priceline.com:

Subject: Hotel Reservation Confirmation
Date: Thu, 12 Jul 2012 17:51:47 +0800

We have received a reservation for your hotel.

Please refer to attached file now to acknowledge the reservation and see the reservation details:

Arrival: Tuesday, 31 July ‘12
Number of rooms: 1

Customer Service Team
Booking.com http://www.booking.com

Your reference ID is: [random string]

The Booking.com reservation service is free of charge. We do not charge you any booking fees or administration fees, and in many cases room offer free cancellation. Booking.com guarantees rates in both cities and regional destinations – ranging from small family hotels to luxury hotels.

Attached to the email is a file named Hotel-Reservation-Confirmation_from_Booking.exe, which is actually a nasty piece of malware that Sophos detects as Mal/Katusha-F.

Should Mal/Katusha-F make its way onto your PC, it will create or modify system registry keys and open a backdoor, granting an attacker remote access to the machine to do whatever they please (steal data, download additional malware, etc.).

If you happen to receive one of these emails, you’re advised to:

  • Avoid downloading any attached files.
  • Delete the email immediately.
[via Webroot]
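
For mail administrators, one way to catch this lure at the gateway is to flag any attachment that has an executable extension or whose content begins with the `MZ` bytes of a Windows executable, which also catches a renamed copy. This is an added example, not code from the original post, Sophos or Webroot; the function names, extension list, addresses and sample messages are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows will run directly (illustrative list, extend as needed).
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")


def flag_attachments(raw: bytes):
    """Return [(filename, [reasons])] for attachments that look executable."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        reasons = []
        if name.lower().endswith(RISKY_EXT):
            reasons.append("executable extension")
        # Check content too: the name can be changed, the file header cannot.
        if payload[:2] == b"MZ":
            reasons.append("MZ header (Windows executable)")
        if reasons:
            findings.append((name, reasons))
    return findings


def build_sample(filename: str, payload: bytes) -> bytes:
    """Build a constructed message shaped like the spam described above."""
    m = EmailMessage()
    m["Subject"] = "Hotel Reservation Confirmation"
    m["From"] = "sender@example.invalid"      # constructed address
    m["To"] = "user@example.invalid"          # constructed address
    m.set_content("We have received a reservation for your hotel.")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


# Constructed placeholder bytes: only the two-byte MZ magic, not a real program.
FAKE_EXE = b"MZ" + b"\x00" * 62

if __name__ == "__main__":
    lure = build_sample("Hotel-Reservation-Confirmation_from_Booking.exe", FAKE_EXE)
    renamed = build_sample("reservation.pdf", FAKE_EXE)
    benign = build_sample("details.pdf", b"%PDF-1.4\n")
    for label, raw in (("lure", lure), ("renamed", renamed), ("benign", benign)):
        print(label, flag_attachments(raw))
```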

  • https://twitter.com/golders Robert Goldring

    I am getting hundreds of these each day. I wonder where they are coming from?

©2014 Hyphenet, Inc.