Juillet 23, 2012

New spam delivers fake booking.com hotel reservations

Lei Li

Now is tourist season when lots of people are using online services to book hotels or flights. The Websense® ThreatSeeker® Network has detected spammers who are using fake booking.com email addresses to send hotel reservation confirmations with malware to unsuspecting users. 

Here's what the spam email looks like:


The sample email consists of a fake confirmation letter from "booking.com," which includes random arrival and departure dates and some other information. Attached to it is a .zip file:



Decompressing the .zip file exposes a malicious executable file, Hotel-Electronic-Reservation.exe. If users click on the file to run it, malware is installed. The Websense ThreatScope Analysis Report shows the specific behavior of this malware: 

When running, the malware tries to connect to the internet to download other malware files.


It also drop files into special folders and runs them automatically:

Websense customers are protected proactively against this compromise by ACE, our Advanced Classification Engine. Our real-time analytics also proactively identify several variants of this threat, and with the ThreatSeeker Network, we receive feedback in our email solutions that blocks messages containing these URLs and malicious files. 

À propos de Forcepoint

Forcepoint est une entreprise leader en cybersécurité pour la protection des utilisateurs et des données. Son objectif est de protéger les entreprises tout en stimulant la transformation et la croissance numériques. Nos solutions s’adaptent en temps réel à la façon dont les personnes interagissent avec les données, et offrent un accès sécurisé tout en permettant aux employés de créer de la valeur.
Inline CSS for Main Menu