Airline spammers are trying again to trick consumers into infecting their computers with malicious software. The scam involves an email with phony airline ticket invoices and boarding passes–and a warning that the purchase has been charged to the recipient’s credit card–a security company said today.

Trend Micro Inc.’s researchers caught spammed email messages featuring bogus eTickets supposedly from Continental Airlines, the fourth-largest airline in the US. The message thanks the recipient for trying a new service called “Buy flight ticket Online” and provides account details, including a log-in and password.

Consumers were hit by a similar malware attack last summer when hackers sent spam that masqueraded as mail from several other airlines, including Hawaiian, Delta, Northwest and JetBlue.

The rogue airline messages instruct recipients to print an attached .zip file that allegedly includes an invoice and “flight ticket.” But Trend Micro warns the files are actually Windows worms that download and install malware to computers.

Consumers would likely ignore the unsolicited messages if it weren’t for the ominous warning that their credit cards have been charged more than $900 for the tickets. “The phrase ‘Your credit card has been charged …’ will just add more worry for the user, convincing him more to examine [and] double-click the ‘flight details,” said Joey Costoya, a Trend Micro researcher, in an entry in the company’s security blog.

Trend Micro detects the file in the zipped attachment as WORM_AUTORUN.CTO. This worm propagates via removable drives and accesses websites to download other possibly malicious files. It also displays the icon of files related to Microsoft Word to avoid easy detection and consequent removal.

Trend Micro’s advice: Don’t open the attachment and delete the email.

Bookmark: