The spam run appears to be linked to the T-Mobile and Swisscom campaign

Mar 18, 2013 10:14 GMT

Last week, we learned about a Cutwail-powered spam campaign designed to spread malware on the computers of Swiss and German users with the aid of bogus T-Mobile and Swisscom notifications. The campaign continues with other fake emails.

Abuse.ch reports that it has identified fake hotel.de booking emails that appear to be connected with the T-Mobile and Swisscom spam run.

The notifications, entitled “Hotel.de Reservierung [98588048],” inform recipients that a hotel reservation has been made with their credit card.

The file attached to the emails, called HotelReservierung8266035.pdf.zip, has nothing to do with a reservation or hotel.de. Instead, the archive hides a Trojan that’s linked to the Andromeda botnet.

Once executed, the Trojan downloads additional malware such as Citadel.

Fortunately, properly configured spam filters should ensure that the spammy emails don’t land in inboxes.
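A mail-gateway check for the two lure traits described above, the subject format and the document-plus-archive double extension, as an added example that is not from Abuse.ch or this article. The extension lists, the function name and both sample messages are assumptions constructed for illustration, and the attachment rule is generalized beyond the single .pdf.zip name reported.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

# Subject format quoted in the article: "Hotel.de Reservierung [98588048]"
SUBJECT_RE = re.compile(r"^hotel\.de\s+reservierung\s+\[\d+\]$", re.I)
# Document-looking extension directly followed by an archive extension,
# e.g. HotelReservierung8266035.pdf.zip (extension lists are assumptions).
DOUBLE_EXT_RE = re.compile(r"\.(pdf|docx?|xlsx?|jpe?g)\.(zip|rar|7z)$", re.I)


def check_message(raw):
    """Return the lure indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    hits = []
    # Decode RFC 2047 encoded-words so an encoded subject is still matched.
    subject = str(make_header(decode_header(msg.get("Subject", ""))))
    if SUBJECT_RE.match(subject.strip()):
        hits.append("subject")
    # Walk every MIME part; nested multiparts are covered by walk().
    for part in msg.walk():
        name = (part.get_filename() or "").strip()
        if DOUBLE_EXT_RE.search(name):
            hits.append("attachment:" + name)
    return hits


def build_sample(subject, filename):
    """Constructed test message; the attachment body is a dummy placeholder."""
    return (
        "From: sender@example.invalid\r\n"
        "To: user@example.invalid\r\n"
        f"Subject: {subject}\r\n"
        "MIME-Version: 1.0\r\n"
        'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
        "--b1\r\nContent-Type: text/plain\r\n\r\nConstructed body.\r\n"
        "--b1\r\nContent-Type: application/octet-stream\r\n"
        f'Content-Disposition: attachment; filename="{filename}"\r\n\r\n'
        "placeholder\r\n--b1--\r\n"
    )


SAMPLE_LURE = build_sample("Hotel.de Reservierung [98588048]",
                           "HotelReservierung8266035.pdf.zip")
SAMPLE_BENIGN = build_sample("Team offsite agenda", "agenda.pdf")

if __name__ == "__main__":
    for label, raw in (("lure", SAMPLE_LURE), ("benign", SAMPLE_BENIGN)):
        print(label, check_message(raw))
```

Either hit alone is only a signal for quarantine and review; the list of domains to block stays with the source Abuse.ch publishes.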

Additional technical details and the list of domains that should be blacklisted on the web gateway are available on Abuse.ch.