December 13, 2012

Fake Virgin Blue Itinerary Email Soars With Malware


The Websense® ThreatSeeker® Network detected a slew of fake Virgin Blue Itinerary emails.  The email contains a malicious zip attachment called Virgin-Itinerary.pdf.zip, which contains the malicious binary file Virgin-Itinerary.pdf.XXXXX.exe.

When clicked, the binary copies itself as svchost.exe in the c:\Documents and Settings\All Users directory and then adds a run registry key to run the sample at boot time.  More information on the behavior and activities of the malicious binary file Virgin-Itinerary.pdf.XXXXX.exe can be found in our ThreatScope report here.  

Virgin Australia issued an advisory on this incident earlier today on Twitter:  https://twitter.com/VirginAustralia

Websense customers are protected from these and other threats by Websense ACE (Advanced Classification Engine).


Special thanks to: Tamas Rudnai


Forcepoint-authored blog posts are based on discussions with customers and additional research by our content teams.

Read more articles by Forcepoint

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.