Delta Airlines ticket confirmation contains a new trojan variant

MX Lab intercepted some messages containing a ticket confirmation for a Delta Airlines flight, with an attached ZIP archive named Delta_eTicket.zip. The ZIP archive contains the file Delta_eTicket.exe, which is a new trojan variant detected as W32/Trojan-Gypikon-based.BA!Maximus (F-Prot) and Trojan.Dropper.Delphi.Gen (McAfee GW-Edition).

Message body:

Thanks for the purchase!

Booking number: RM2R7

You will find attached to this letter PASSENGER ITINERARY RECEIPT of your electronic ticket.

It verifies that you paid the ticket in full and confirms your right for air travel and luggage transportation by the indicated flight Delta Air Lines.

On board you will be offered:

 - beverages;
 - food;
 - daily press.

You are guaranteed top-quality services and attention on the part of our benevolent personnel.

We recommend you to print PASSENGER ITINERARY RECEIPT and take it alone to the airport. It will help you to pass control and registration procedures faster.

See you on board!
Best regards,
Delta Air Lines

Virus Total permalink and MD5: b77960abe4e43ab60156c4c984d9166a.
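A mail-gateway style check for the delivery pattern described above (an executable inside a ZIP attachment), as an added example that is not MX Lab's code. It assumes the MD5 above refers to the extracted file; the extension list, the size cap, the function names and the sample message are constructed for illustration.

```python
import hashlib
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

KNOWN_BAD_MD5 = {"b77960abe4e43ab60156c4c984d9166a"}  # MD5 given on this page
EXEC_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")  # assumed block list
MAX_MEMBER = 20 * 1024 * 1024  # assumed cap; larger members are not unpacked


def scan_message(raw: bytes) -> list:
    """Return findings for ZIP attachments holding executables or known-bad files."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        # Identify ZIPs by content, not by the attachment's claimed name or type.
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            for info in zf.infolist():
                reasons, digest = [], None
                if info.filename.lower().endswith(EXEC_EXTS):
                    reasons.append("executable-in-zip")
                encrypted = bool(info.flag_bits & 0x1)  # cannot hash without password
                if not encrypted and info.file_size <= MAX_MEMBER:
                    digest = hashlib.md5(zf.read(info)).hexdigest()
                    if digest in KNOWN_BAD_MD5:
                        reasons.append("known-bad-md5")
                if reasons:
                    findings.append({"attachment": part.get_filename(),
                                     "member": info.filename,
                                     "md5": digest, "reasons": reasons})
    return findings


def build_sample(member: str, data: bytes) -> bytes:
    """Constructed test message: a ZIP attachment with one harmless member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, data)
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("Thanks for the purchase!")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Delta_eTicket.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(scan_message(build_sample("Delta_eTicket.exe", b"placeholder, not malware")))
```

The name-based rule fires even when the hash is unknown, which matters for new variants like this one where the MD5 changes from run to run of the spam campaign.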

One Response to Delta Airlines ticket confirmation contains a new trojan variant

  1. Reader says:

    You should note that this isn’t actually a Delta airlines confirmation but just a random malware spam (as if that wasn’t obvious from the ridiculous phrasing).
