Get a Break from the Chaos of RSA and Meet with Forcepoint at the St. Regis.

July 23, 2012

New spam delivers fake hotel reservations

Lei Li

Now is tourist season when lots of people are using online services to book hotels or flights. The Websense® ThreatSeeker® Network has detected spammers who are using fake email addresses to send hotel reservation confirmations with malware to unsuspecting users. 

Here's what the spam email looks like:


The sample email consists of a fake confirmation letter from "," which includes random arrival and departure dates and some other information. Attached to it is a .zip file:



Decompressing the .zip file exposes a malicious executable file, Hotel-Electronic-Reservation.exe. If users click on the file to run it, malware is installed. The Websense ThreatScope Analysis Report shows the specific behavior of this malware: 

When running, the malware tries to connect to the internet to download other malware files.


It also drop files into special folders and runs them automatically:

Websense customers are protected proactively against this compromise by ACE, our Advanced Classification Engine. Our real-time analytics also proactively identify several variants of this threat, and with the ThreatSeeker Network, we receive feedback in our email solutions that blocks messages containing these URLs and malicious files. 

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.