Fake KLM E-mails Deliver Malware

Websense researchers are warning of a "significant campaign" of spam e-mails claiming to come from KLM, which contain a malicious attachment.

"The spam campaign is designed to target not only KLM customers, but also other users who are led to believe that someone utilized their credit card to purchase tickets," writes Softpedia's Eduard Kovacs.

"[The e-mail] looks pretty believable as it uses a legitimate KLM e-ticket layout, but the fake ticket is missing crucial information that is purportedly contained in the attachment (KLM-e-Ticket_.zip)," writes Help Net Security's Zeljka Zorz. "Websense researchers have analyzed two malicious binaries extracted from two different attachments used in this campaign, and have discovered that they both allow remote shell access to the compromised machine via telnet to port 8000."

"Although both of these binaries are attempting to trick users into believing that the file is a PDF file, neither uses an Adobe Reader or similar icon," writes Websense's Carl Leonard. "It is worth noting that the same binaries have been used in recent 'Microsoft Services Agreement' and 'Telstra Online Account' campaigns based on submitted filenames."
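A defender-side check for the masquerade described above, as an added example (not code from Websense or the quoted articles): it inspects a ZIP attachment and flags entries whose name suggests a PDF while the extension or file header says executable. The entry names, the double-extension naming and the extension list are assumptions; the sample archive is constructed and inert.

```python
import io
import zipfile

EXEC_EXTS = (".exe", ".scr", ".com", ".pif")  # assumed list of executable extensions


def build_sample_zip():
    """Constructed, inert sample archive (not taken from the campaign)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("KLM-e-Ticket.pdf.exe", b"MZ" + b"\x00" * 62)  # fake PE stub
        zf.writestr("itinerary.pdf", b"%PDF-1.4\n%%EOF\n")          # genuine PDF header
    return buf.getvalue()


def scan_attachment(zip_bytes):
    """Return [(entry_name, [reasons])] for entries that pose as PDFs but are not."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.lower()
            reasons = []
            if info.flag_bits & 0x1:
                # Encrypted entries cannot be inspected; surface them for review.
                findings.append((info.filename, ["encrypted entry, content not inspected"]))
                continue
            with zf.open(info) as fh:
                head = fh.read(4)
            looks_pdf = "pdf" in name
            if looks_pdf and name.endswith(EXEC_EXTS):
                reasons.append("PDF-looking name with executable extension")
            if looks_pdf and head[:2] == b"MZ":
                reasons.append("PE (MZ) header in file presented as PDF")
            if name.endswith(".pdf") and head != b"%PDF":
                reasons.append("'.pdf' extension without %PDF header")
            if reasons:
                findings.append((info.filename, reasons))
    return findings


if __name__ == "__main__":
    for entry, why in scan_attachment(build_sample_zip()):
        print(entry, "->", "; ".join(why))
```

The check relies on the file header as well as the name because, as the Websense quote notes, the icon alone does not match a PDF reader, so a name-only rule would miss a renamed binary.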

"Websense said it had intercepted 850,000 emails on 17 September alone which will constitute a small fraction of the true number being sent," writes CSO Online's John E. Dunn.