Websense’ Security Alert
March 2009 by Websense
Websense® Security Labs ThreatSeeker Network has discovered a scam involving the spread of email messages disguised as coming from Delta Airlines. As of right now, we have received more than 3000 samples in a week, and the number keeps increasing.
The email messages have the subject "Confirmation of ticket purchase at www.delta.com," and ask recipients to print a supposed "PASSENGER ITINERARY RECEIPT" attached to the message. The attachment is actually a Trojan (SHA1: d353f2758bbfb2211c6e3d59890e87080d14da85) file which still can escape detection by some antivirus products. Email recipients who run the attached Trojan will probably fall into the black hat hackers’ trap.
Websense Messaging and Websense Web Security customers are protected against this attack.