Delta Airlines ticket confirmation contains a new trojan variant


MX Lab intercepted some messages carrying a ticket confirmation for a Delta Airlines flight, with an attached ZIP archive named Delta_eTicket.zip. The ZIP archive contains the file Delta_eTicket.exe, which is a new trojan variant detected under the names W32/Trojan-Gypikon-based.BA!Maximus (F-Prot) and Trojan.Dropper.Delphi.Gen (McAfee GW-Edition).

Message body:

Thanks for the purchase!

Booking number: RM2R7

You will find attached to this letter PASSENGER ITINERARY RECEIPT of your electronic ticket.

It verifies that you paid the ticket in full and confirms your right for air travel and luggage transportation by the indicated flight Delta Air Lines.

On board you will be offered:

 – beverages;
 – food;
 – daily press.

You are guaranteed top-quality services and attention on the part of our benevolent personnel.

We recommend you to print PASSENGER ITINERARY RECEIPT and take it alone to the airport. It will help you to pass control and registration procedures faster.

See you on board!
Best regards,
Delta Air Lines

VirusTotal permalink and MD5: b77960abe4e43ab60156c4c984d9166a.
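A mail-gateway style check for the pattern described in this post (a ZIP attachment carrying an executable, plus the MD5 listed here), added as an example and not MX Lab's own code. The extension list, size cap and sample message are assumptions constructed for illustration; the post does not say whether the MD5 is that of the ZIP or the EXE, so both are hashed.

```python
import hashlib
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

KNOWN_MD5 = {"b77960abe4e43ab60156c4c984d9166a"}  # MD5 given in the post
EXEC_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")  # assumed block list
MAX_MEMBER = 20 * 1024 * 1024  # assumed cap so oversized members are not unpacked


def scan_message(raw, known_md5=KNOWN_MD5):
    """Return (attachment, member, reason) tuples for one raw RFC 5322 message."""
    findings = []
    for part in message_from_bytes(raw).walk():
        data = part.get_payload(decode=True)  # None for multipart containers
        if not data:
            continue
        name = part.get_filename() or "(unnamed)"
        if hashlib.md5(data).hexdigest() in known_md5:
            findings.append((name, None, "known-md5"))
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                # endswith() also catches double extensions such as .pdf.exe
                if info.filename.lower().endswith(EXEC_EXTS):
                    findings.append((name, info.filename, "executable-in-zip"))
                if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER:
                    continue  # encrypted or oversized: name check only
                if hashlib.md5(zf.read(info)).hexdigest() in known_md5:
                    findings.append((name, info.filename, "known-md5"))
    return findings


def build_sample():
    """Constructed message shaped like the one in the post; payload is inert text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Delta_eTicket.exe", b"inert placeholder, not a real binary")
    msg = EmailMessage()
    msg["Subject"] = "Ticket confirmation (constructed sample)"
    msg.set_content("Thanks for the purchase!")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Delta_eTicket.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print(finding)
```

The name-based rule fires on the constructed sample; the hash rule only fires on the real file, since the sample payload is inert.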

One thought on “Delta Airlines ticket confirmation contains a new trojan variant”

  1. You should note that this isn’t actually a Delta airlines confirmation but just a random malware spam (as if that wasn’t obvious from the ridiculous phrasing).
