US-CERT is aware of public reports indicating that a new email attackis circulating. This attack uses email messages that appear to be fromlegitimate airlines and contain information about a bogus e-ticket.These email messages instruct the user to open the attachment toobtain the e-ticket. If a user opens this attachment, a file may beexecuted to infect the user’s system with malicious code.Reports, including a posting by Sophos, indicate that these messageshave the following characteristics. Please note that these attributesmay change at any time.
* The subject line “E-Ticket#XXXXXXXXXX”
* An attachment named “eTicket#XXXX.zip”US-CERT encourages users and administrators to take the followingpreventative measures to help mitigate the security risks:
* Install anti-virus software, and keep its virus signature file up to date.
* Do not open attachments in unsolicited email messages.
* Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
* Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.
