The Websense® ThreatSeeker® Network detected a slew of fake Virgin Blue Itinerary emails. Each email carries a malicious zip attachment called Virgin-Itinerary.pdf.zip, which contains the malicious binary file Virgin-Itinerary.pdf.XXXXX.exe.

 

 

When clicked, the binary copies itself as svchost.exe into the c:\Documents and Settings\All Users directory and then adds a Run registry key so that the sample runs at boot time. More information on the behavior and activities of the malicious binary file Virgin-Itinerary.pdf.XXXXX.exe can be found in our ThreatScope report here.
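Both indicators described above can be checked mechanically: a document extension placed in front of an archive or executable extension, and a file named svchost.exe started from outside the Windows system directories. The Python below is an added example, not Websense code; the extension lists, the system directory paths, the function names and the sample Run values are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Assumed lists for illustration; extend them to match local policy.
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}
RISKY_LAST_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".zip", ".rar", ".7z"}
# Assumed default Windows install locations of the genuine svchost.exe.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

def deceptive_name(filename):
    """True when a document extension precedes an archive or executable one,
    e.g. name.pdf.zip or name.pdf.<anything>.exe."""
    exts = ["." + part for part in filename.lower().split(".")[1:]]
    if len(exts) < 2 or exts[-1] not in RISKY_LAST_EXTS:
        return False
    return any(ext in DOC_EXTS for ext in exts[:-1])

def masquerading_svchost(image_path):
    """True when a file named svchost.exe sits outside the system directories."""
    path = PureWindowsPath(image_path)
    return (path.name.lower() == "svchost.exe"
            and str(path.parent).lower() not in SYSTEM_DIRS)

def run_entry_image(command):
    """Pull the executable path out of a Run value's command line."""
    match = re.match(r'\s*"([^"]+)"|\s*(\S.*?\.exe)\b', command, re.IGNORECASE)
    return (match.group(1) or match.group(2)) if match else command.strip()

def triage(attachments, run_values):
    """Return (kind, item) findings for attachment names and Run values."""
    findings = [("attachment", n) for n in attachments if deceptive_name(n)]
    findings += [("run-key", name) for name, command in run_values
                 if masquerading_svchost(run_entry_image(command))]
    return findings

# Constructed sample input: the two Virgin-Itinerary names come from the post;
# the Run value names and the benign entries are made up.
SAMPLE_ATTACHMENTS = ["Virgin-Itinerary.pdf.zip", "Virgin-Itinerary.pdf.XXXXX.exe",
                      "invoice.pdf", "photos.zip"]
SAMPLE_RUN_VALUES = [
    ("benign-updater", r'"C:\Program Files\Java\jre7\bin\jusched.exe"'),
    ("example-value", r"c:\Documents and Settings\All Users\svchost.exe"),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_ATTACHMENTS, SAMPLE_RUN_VALUES):
        print(finding)
```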

 

 

Virgin Australia issued an advisory on this incident earlier today on Twitter:  https://twitter.com/VirginAustralia

Websense customers are protected from these and other threats by Websense ACE (Advanced Classification Engine).

 

Special thanks to: Tamas Rudnai

 

 

Mary Grace Timcang



©2013 Websense, Inc. All Rights Reserved.