It turns out to be a massive campaign that spreads a new piece of malware

Nov 4, 2011 07:55 GMT

Internet users are advised to be on the lookout for emails that claim to be ticket purchase confirmations from American Airlines, as they carry a piece of malware that many security product vendors do not yet identify.

AppRiver discovered a large influx of these messages hitting inboxes, alerting users that their “order has been completed.”

The body of the message lists a few details such as flight number, electronic, date and time, arrival airport and total price.

“Please find your ticket attached. To use your ticket you should print it. Thank you for using our airline company services. American Airlines,” reads a text from the email.

Many might be tempted to quickly check out the attachment, since it looks as if a few hundred dollars were drawn from their credit card, and that's what the cybercriminals rely on.

Instead of a ticket, the archive named AA_Ticket_#432423.zip contains a brand new piece of malware that is identified as Trojan.Anamkia. The Trojan has in many cases been associated with the infamous Incognito toolkit, which often deploys a piece of scareware.
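A mail-gateway triage check for this lure, as an added example that is not from AppRiver or the original article: it flags the quoted phrases, an archive named like AA_Ticket_#432423.zip, and executable members inside the ZIP. The extension list, the reason labels and the sample messages are assumptions constructed for illustration; the article does not say what file the archive holds.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Phrases quoted in the article; the pattern generalizes AA_Ticket_#432423.zip.
LURE_PHRASES = ("order has been completed", "please find your ticket attached")
TICKET_ZIP = re.compile(r"AA_Ticket_#?\d+\.zip", re.IGNORECASE)
# Assumption: extensions treated as executable (not stated in the article).
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".com")

def triage(raw_bytes):
    """Return the reasons a raw message resembles the fake-ticket lure."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    if any(phrase in text for phrase in LURE_PHRASES):
        reasons.append("lure-phrase")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if TICKET_ZIP.fullmatch(name):
            reasons.append("ticket-named-archive")
        if not name.lower().endswith(".zip"):
            continue
        try:
            # List member names only; nothing is extracted or executed.
            members = zipfile.ZipFile(io.BytesIO(part.get_content())).namelist()
        except zipfile.BadZipFile:
            reasons.append("unreadable-archive")
            continue
        if any(m.lower().endswith(EXECUTABLE_EXT) for m in members):
            reasons.append("executable-in-archive")
    return reasons

def sample_message(attachment_name, member_name, body):
    """Build a constructed test message with a harmless in-memory ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"harmless placeholder bytes")
    msg = EmailMessage()
    msg.set_content(body)
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=attachment_name)
    return msg.as_bytes()

if __name__ == "__main__":
    lure = sample_message("AA_Ticket_#432423.zip", "ticket.exe",
                          "Please find your ticket attached.")
    print(triage(lure))
```

Any single reason is weak on its own; a gateway would typically quarantine only when several fire together.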

Interestingly, the malware tries to connect to the same domain we saw yesterday in the InDesign license key spam emails. This means that there's a massive campaign attempting to infect users' computers, and that it does not rely on a single story.

Once you see such a message, the temptation is high to quickly open the attachment, but before doing so, take a moment to think about the situation. If someone really did phish out your bank account, you're not going to resolve anything by opening the attachment.

In most situations these messages will be total fakes, and your bank account comes under threat only after you've opened the attachment. If you fear that your savings might be at risk, the best thing to do is to call the bank, which can confirm whether any illegal transactions were made.