A zip file hides a variant of the BredoZp Trojan

Oct 10, 2012 22:01 GMT  ·  By

Whether or not you’re expecting a confirmation notification from Booking.com, you should be careful if an email entitled “Booking Confirmation 09890543” lands in your inbox.

Unlike other Booking.com spam campaigns, the notification doesn’t contain any message. The crooks who launched this one are probably hoping that curious recipients will open the attachment to see what it contains.

As Sophos experts highlight, opening the Booking_BEDDING-INCLUSIONS.zip file is a big mistake.

The archive contains a file called Booking_BEDDING-INCLUSIONS.pdf.exe, which at first glance may appear to be a harmless PDF document, but in reality, it hides a nasty piece of malware identified as Mal/BredoZp-B.

We strongly advise users never to open files attached to unsolicited, suspicious-looking emails. Remember that legitimate companies would never send out such notifications.