Softpedia
 
HomepageWindowsGamesDriversMacLinuxScripts buttonMobileHandheldNews

NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>
TRENDING TODAY
Home > News > Security > Virus alerts

August 23rd, 2012, 07:46 GMT · By

Androm Trojan Variant Comes in Fake Booking.com Emails

SHARE:

Adjust text size:

Fake Booking.com email
Enlarge picture
If you’re planning to go on vacation and you’ve booked your hotel via Booking.com, we advise you to be on the lookout for shady emails that purport to come from the company. The emails claim to represent hotel confirmations and they carry a nasty piece of malware.

The messages – entitled Hotel Reservation [123456] – appear to originate from customer.service@my.booking.com and they look like this:

Hotel Confirmation:
(Eden Rock) 8785896

Date: Wed, 22 Aug 2012 20:57:25 +0100 —
Herewith you receive the electronic reservation for your hotel. Please refer to attached file for full details.

Arrival: Friday, August 24, 2012
Departure: Sunday, August 26, 2012
Number of rooms: 1
Sincerely,
Customer Service Team
Booking.com http://www.booking.com
Your Reference ID is: 3806087

The Booking.com reservation service is free of charge. We do not charge you any booking fees or administration fees, and in many cases rooms offer free cancellation.
-Booking.com guarantees the best hotel rates in both cities and regional destinations – ranging from small family hotels to luxury hotels.

MX Lab experts have analyzed these notifications and noticed that the Trojan they serve is a new version of Androm (identified by Kaspersky as Backdoor.Win32.Androm.gi). Currently, only 17 antivirus solutions detect the attached file as being a threat.

The attachment is a zip file which contains an executable named Hotel-Booking_Confirmation.exe.

Bookings.com is aware of this type of emails. The company is warning customers to be on the lookout for the clues which give away a scam’s true identity.

For instance, in fake emails the confirmation number from the subject line doesn’t match the one from the body of the text. Furthermore, legitimate notifications never contain attachments.

According to the advisory published by the company, most of the malicious emails that rely on their reputation have been found to contain the ZeuS Trojan, but obviously, the pieces of malware that are spread via such messages can vary.
FILED UNDER:
backdoor
Trojan
spam


1,749 hits
Link to this article · Print article · Send to friend

MUST-READ RELATED ARTICLES:


BBB, Airline and Wire Transaction Spam Used to Advertise Malware-Laden Site
Bogus Scan from HP ScanJet Printer Leads to Malware-Serving Russian Site
“We Can Not Charge Your Credit Card” Emails Spread Malware
Most Olympics Scams Involved Streaming Sites and Ticket Sales, Experts Found
Beware of Shady “Product Development Summits” Invitations

READER COMMENTS:



No user comments yet.
Be the first to express your opinion!
Copyright © 2001-2013 Softpedia. Contact/Tip us at

WindowsGamesDriversMacLinuxScriptsMobileHandheldNews

SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   UPDATE YOUR SOFTWARE   |   ROMANIAN FORUM
© 2001 - 2013 Softpedia. All rights reserved.
Softpedia® and the Softpedia® logo are
registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use