American Airlines Spam Delivers Malware

Barracuda Labs researchers recently came across impressively convincing fake ticket confirmation e-mails from American Airlines, which link to a subdomain of

“The intent of the URL is to draw your eye towards the part that says, even though that domain has nothing to do with the link,” note Barracuda’s Luis Chapetti and Dave Michmerhuizen. “The actual attacks are delivered from a long subdomain that starts with….., which also attempts to disguise that they come from a malicious domain registered only days earlier.”

The body of the e-mail reads, “Thank you for making your travel arrangements on! Your requested itinerary is now ON HOLD. Details below. To ensure that your reservation is not canceled you must complete the purchase of this reservation by clicking the ‘Purchase’ button on this email, or by using the ‘View/Change Reservations’ section on”

All links in the e-mail actually lead to sites hosting the Blackhole exploit kit, which looks for ways to exploit the victim’s browser.

To stay safe, Chapetti and Michmerhuizen advise, don’t click on links in unsolicited e-mails, no matter how convincing they may seem — always visit the relevant Web site directly, rather than clicking on a link in an e-mail.

Jeff Goldman
Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.

Top Products

Top Cybersecurity Companies

Related articles