Home Archive ‘Buy Airplane Ticket Online’ Trojan Email

‘Buy Airplane Ticket Online’ Trojan Email

by Brett M. Christensen

Email claims that the recipient has purchased an airline ticket online and should open an attached file to view an invoice and print out the ticket (Full commentary below).

Brief Analysis:
False – Attachment contains a trojan

Subject: E-ticket #4731381568

Good morning,
Thank you for using our new service “Buy airplane ticket Online” on our website.
Your account has been created:

Your login: [email address]
Your password: passDFL6

Your credit card has been charged for $493.67.
We would like to remind you that whenever you order tickets on our website you get a discount of 10%! Attached to this message is the purchase Invoice and the flight ticket.
To use your ticket, simply print it on a color printed, and you are set to take off for the journey!

Kind regards,
Trudy Cameron
Northwest Airlines

Detailed Analysis:
This unsolicited email supposedly advises the recipient that his credit card has been charged for an airline ticket ordered via a specified airline’s online ticket service. The message instructs the recipient to open an attached file in order to view an invoice and print out the purchased ticket.

However, the email is not from an airline and the claim that the recipient’s credit card has been used to purchase an airline ticket is untrue. The attachment that arrives with the email does not contain an invoice or airline ticket. Instead, opening the attachment can install a variant of the ZBot trojan on the user’s computer. The trojan creates files on the infected computer, modifies the Windows registry and allows backdoor connections to and from a remote server.

The malicious email users the names of several different airlines and the amount supposedly charged to the user’s credit card may also vary. The message is designed to panic recipients into opening the attachment without due care and attention. Believing that their credit card has been mistakenly charged for an airline ticket that they did not order, some recipients may open the attachment in the hope of gaining more information about the supposed purchase.

If you receive this email, or one similar to it do not open any attachments that it may carry or click on any links that the message may contain.

Last updated: 29th July 2008
First published: 29th July 2008
By Brett M. Christensen
About Hoax-Slayer

ZBot trojan attached to flight ticket confirmation
NWA, Sun: Don’t open e-mail, it’s a scam

Since you’ve read this far…

…can I ask you for a big favour?

To enhance your privacy and security and offer you a better user experience, Hoax-Slayer is now ad-free. To keep the site online, I now rely on voluntary contributions from site visitors along with commissions from a few trusted products and services that I promote via reviews on the site.

If you found the above report useful, please consider supporting Hoax-Slayer by making a donation. Any amount you can give will be greatly appreciated.

You can donate using your credit card via the form below. Donations are collected securely via the online payment service Stripe. Stripe uses state of the art security to keep your data safe.

Brett Christensen