December 13, 2012

Fake Virgin Blue Itinerary Email Soars With Malware

Forcepoint

The Websense® ThreatSeeker® Network detected a slew of fake Virgin Blue Itinerary emails. Each email carries a malicious zip attachment called Virgin-Itinerary.pdf.zip, which contains the malicious binary file Virgin-Itinerary.pdf.XXXXX.exe.

When clicked, the binary copies itself as svchost.exe into the c:\Documents and Settings\All Users directory and then adds a Run registry key so that the sample runs at boot time. More information on the behavior and activities of the malicious binary file Virgin-Itinerary.pdf.XXXXX.exe can be found in our ThreatScope report.
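The two traits described above can each be checked by a defender: a document extension hidden in front of an executable one inside a zip attachment, and a Run-key command that starts svchost.exe from outside the Windows system directories. The following is an added example, not Websense code; the extension lists, function names and the constructed sample archive are assumptions for illustration.

```python
import io
import ntpath
import zipfile

# Assumed extension lists for illustration; tune for your environment.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
SYSTEM_DIRS = (r"\windows\system32", r"\windows\syswow64")


def disguised_executables(zip_bytes):
    """Return member names that end in an executable extension but carry
    a document extension earlier in the file name."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            parts = ntpath.basename(name).lower().split(".")
            if len(parts) < 3:
                continue  # zero or one extension: nothing is being hidden
            final = "." + parts[-1]
            inner = {"." + p for p in parts[1:-1]}
            if final in EXEC_EXTS and inner & DECOY_EXTS:
                hits.append(name)
    return hits


def svchost_outside_system32(command):
    """True if a Run-key command line starts svchost.exe from a directory
    other than System32 or SysWOW64."""
    cmd = command.strip()
    exe = cmd.split('"')[1] if cmd.startswith('"') else cmd
    end = exe.lower().find(".exe")
    if end == -1:
        return False
    directory, image = ntpath.split(ntpath.normpath(exe[: end + 4]))
    return image.lower() == "svchost.exe" and not directory.lower().endswith(SYSTEM_DIRS)


def build_constructed_sample():
    """Constructed, harmless archive that reuses the file name from the post."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Virgin-Itinerary.pdf.XXXXX.exe", b"placeholder, not a real binary")
        zf.writestr("readme.txt", b"constructed sample")
    return buf.getvalue()


if __name__ == "__main__":
    print(disguised_executables(build_constructed_sample()))
    print(svchost_outside_system32(r"c:\Documents and Settings\All Users\svchost.exe"))
```
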

Virgin Australia issued an advisory on this incident earlier today on Twitter: https://twitter.com/VirginAustralia

Websense customers are protected from these and other threats by Websense ACE (Advanced Classification Engine).

Special thanks to: Tamas Rudnai
