A fake antivirus and Sirefef are "parachuted" off to unprotected computers

Jun 28, 2012 11:16 GMT

Spam campaigns that trade on the reputation of an airline are extremely common, and they evidently still pay off, otherwise spammers wouldn't keep launching them. This Delta Air Lines example follows the classic pattern, but the payload is somewhat different from what we've seen before.

An email that bears the subject “Ticket is ready” informs the recipient that a ticket has been purchased with his/her credit card, GFI Labs experts report.

“Your bought ticket is attached to the letter as a scan document. You can print your ticket. Thank you for using our airline company services. Delta Air Lines,” reads the notification.

As expected, the attachment is not a real ticket but a malicious file. In this case it is an executable, passed off as the "scan document" the message promises, that drops the Sirefef rootkit (the family also known as ZeroAccess) together with a second file: a fake antivirus identified as Live Security Rogue, part of the WinWebSecurity family.
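The lure depends on the recipient treating an executable as a scanned document. A mail gateway or triage script does not have to trust the filename or the declared MIME type: it can look at the attachment's first bytes. The following is an added example, not code from GFI Labs or from the report above; the message it parses is constructed here to resemble the "Ticket is ready" lure, and the sender and recipient addresses are placeholders.

```python
"""Flag email attachments that claim to be documents but carry a Windows
executable. Added example with a constructed sample message; not from the
original report."""
import email
from email import policy
from email.message import EmailMessage

# First bytes of a Windows PE executable (the DOS "MZ" stub).
PE_MAGIC = b"MZ"
# Extensions Windows will run when double-clicked, whatever icon is shown.
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".jar"}
# Extensions a "scanned ticket" would plausibly carry.
DOC_EXTS = {".pdf", ".doc", ".docx", ".jpg", ".jpeg", ".png", ".tif", ".tiff"}


def build_sample_eml() -> bytes:
    """Construct a message resembling the lure (constructed data, not a real sample)."""
    msg = EmailMessage()
    msg["From"] = "tickets@example.com"   # placeholder sender
    msg["To"] = "victim@example.net"      # placeholder recipient
    msg["Subject"] = "Ticket is ready"
    msg.set_content("Your bought ticket is attached to the letter as a scan document.")
    # The "scan": a PE stub labelled as a PDF and given a double extension.
    fake_ticket = b"MZ\x90\x00" + b"\x00" * 60 + b"PE\x00\x00" + b"\x00" * 100
    msg.add_attachment(fake_ticket, maintype="application", subtype="pdf",
                       filename="Delta_ticket.pdf.exe")
    # A benign attachment for contrast: a genuine-looking PDF header.
    msg.add_attachment(b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n", maintype="application",
                       subtype="pdf", filename="receipt.pdf")
    return msg.as_bytes()


def analyse_attachments(raw: bytes) -> list:
    """Return one finding per suspicious attachment: filename, declared type, reasons."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        declared = part.get_content_type()
        # All extensions after the first dot, lower-cased, e.g. [".pdf", ".exe"].
        exts = ["." + e for e in name.lower().split(".")[1:]]
        reasons = []
        if data.startswith(PE_MAGIC):
            reasons.append(f"PE (MZ) header in body, declared as {declared}")
        if exts and exts[-1] in EXEC_EXTS:
            reasons.append(f"executable extension {exts[-1]}")
        if len(exts) >= 2 and exts[-2] in DOC_EXTS and exts[-1] in EXEC_EXTS:
            reasons.append("document extension hiding an executable extension")
        if reasons:
            findings.append({"filename": name, "declared": declared, "reasons": reasons})
    return findings


def is_suspicious(raw: bytes) -> bool:
    """Convenience wrapper: True if any attachment trips a check."""
    return bool(analyse_attachments(raw))


if __name__ == "__main__":
    for f in analyse_attachments(build_sample_eml()):
        print(f["filename"], "->", "; ".join(f["reasons"]))
```

The magic-byte check is the one that matters: a double extension can be avoided by the attacker, and the Content-Type header is whatever the sender wrote, but a PE file has to begin with the MZ stub to run. Archive attachments would need the same check applied to their members, which this example does not do.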

If you have already taken the bait, the best course is to remove the threat with an up-to-date antivirus or, better, a rescue disk booted from clean media: Sirefef is a rootkit and can hide from scanners running inside the infected system. Whatever you do, don't purchase or register the shady security software, and treat any passwords or card details entered on the machine since the infection as compromised.