Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.

Fake Virgin Blue Itinerary Email Soars With Malware


Posted: 13 Dec 2012 11:15 AM | Mary Grace Timcang


The Websense® ThreatSeeker® Network detected a slew of fake Virgin Blue itinerary emails. Each email carries a malicious ZIP attachment called Virgin-Itinerary.pdf.zip, which contains the malicious binary file Virgin-Itinerary.pdf.XXXXX.exe.

 

 

When clicked, the binary copies itself as svchost.exe to the c:\Documents and Settings\All Users directory and then adds a Run registry key so that the sample runs at boot time. More information on the behavior and activities of the malicious binary file Virgin-Itinerary.pdf.XXXXX.exe can be found in our ThreatScope report here.
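The two indicators described above (a document extension hidden in front of an executable one inside the ZIP, and an svchost.exe launched from outside the Windows system directories) can be checked with a short triage script. This is an added example, not Websense code; the extension lists, the set of legitimate svchost.exe directories, and all function names are assumptions for illustration.

```python
import io
import ntpath
import zipfile

# Assumed extension lists for illustration; tune to your environment.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Assumed locations of the genuine svchost.exe (lowercase for comparison).
LEGIT_SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64",
                      r"%systemroot%\system32", r"%windir%\system32"}


def masquerading_members(zip_bytes):
    """Members ending in an executable extension with a document extension earlier."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            parts = ntpath.basename(info.filename).lower().split(".")
            if len(parts) < 3:
                continue  # a single extension is not a double-extension lure
            inner = {"." + p for p in parts[1:-1]}
            if "." + parts[-1] in EXEC_EXTS and inner & DECOY_EXTS:
                hits.append(info.filename)
    return hits


def svchost_outside_system_dir(run_value):
    """True if a Run-key command launches svchost.exe from a non-system directory."""
    cmd = run_value.strip().lower()
    if cmd.startswith('"'):
        exe = cmd[1:].split('"', 1)[0]
    else:
        end = cmd.find(".exe")  # unquoted paths may contain spaces
        exe = cmd[: end + 4] if end != -1 else cmd
    return (ntpath.basename(exe) == "svchost.exe"
            and ntpath.dirname(exe) not in LEGIT_SVCHOST_DIRS)


def build_sample_zip(names):
    """Constructed input: an in-memory ZIP whose members hold placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"placeholder")
    return buf.getvalue()
```

Feed `masquerading_members` the raw bytes of a quarantined attachment, and `svchost_outside_system_dir` each value exported from a host's Run keys.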

 

 

Virgin Australia issued an advisory on this incident earlier today on Twitter: https://twitter.com/VirginAustralia

Websense customers are protected from these and other threats by Websense ACE (Advanced Classification Engine).

 

Special thanks to: Tamas Rudnai

 

 


