Get a Break from the Chaos of RSA and Meet with Forcepoint at the St. Regis.

Close
X-Labs
Julio 23, 2012

New spam delivers fake booking.com hotel reservations

Lei Li

Now is tourist season when lots of people are using online services to book hotels or flights. The Websense® ThreatSeeker® Network has detected spammers who are using fake booking.com email addresses to send hotel reservation confirmations with malware to unsuspecting users. 

Here's what the spam email looks like:

 

The sample email consists of a fake confirmation letter from "booking.com," which includes random arrival and departure dates and some other information. Attached to it is a .zip file:

 

 

Decompressing the .zip file exposes a malicious executable file, Hotel-Electronic-Reservation.exe. If users click on the file to run it, malware is installed. The Websense ThreatScope Analysis Report shows the specific behavior of this malware: 

When running, the malware tries to connect to the internet to download other malware files.

 

It also drop files into special folders and runs them automatically:

Websense customers are protected proactively against this compromise by ACE, our Advanced Classification Engine. Our real-time analytics also proactively identify several variants of this threat, and with the ThreatSeeker Network, we receive feedback in our email solutions that blocks messages containing these URLs and malicious files. 

Acerca de Forcepoint

Forcepoint es la compañía líder en ciberseguridad de protección de datos y usuarios, encargada de proteger a las organizaciones a la vez que impulsa la transformación digital y el crecimiento. Nuestras soluciones se adaptan en tiempo real a la manera en que las personas interactúan con los datos, y proporcionan un acceso seguro a la vez que permiten que los empleados generen valor.