Booking.com Targeted with Spam Attack over the Internet
As per Webroot a security company, an enormous spam attack is ongoing, masquerading as Booking.com the well-known agency for Internet hotel reservations, as it attempts at persuading recipients to take down one file feigning to provide details of a booking.
The fake e-mail tells the recipient that his credit card couldn't be accepted as also that he must update the date of his card. It further advises that the person should follow one web-link named "Print Booking Details" that's, however, phony as it'll take him onto the malicious software distributed through the scam.
There are indeed a few conspicuous errors in the e-mail's message body, but since some users always tend to click devoid of second thoughts they'll rather than get the booking details become infected when a Trojan gets unleashed which also pulls down more malware.
However, there's a positive aspect about the scam i.e. the majority of well-known anti-virus solutions have managed to detect the mentioned Trojan. In fact, 26 anti-virus engines of the total 46 of VirusTotal have detected the Trojan as TrojanDownloader: Win32/Kuluoz.B.
It's thus advisable that anyone receiving the spam mail must erase it wholly. Most importantly, he mustn't unzip the archive attached to see the contents since it's greatly chanced towards contaminating his Windows PC.
Meanwhile, Sophos another security company too detected the above discussed e-mail scam. According to the company, the assault represents both malware and spam, with the attached file serving Mal/DrodZp-A.
Sophos' researchers, while remarking about the ongoing e-mail campaign, state that certainly there's been such hotel booking scam attacks previously too when malware authors tried to disseminate their wares, while they'll emerge again in future. The disguise employed within the scam remains popular as the involved trick based on social engineering is effective enough to make people open the extremely harmful web-link and/or attachment. Internauts should thus become wise about the ruse, while spread the word around.
Significantly also, any e-mail attachment received from nowhere should raise suspicion in the mind of the user. Moreover, he must ensure his anti-virus solution remains up-to-date, with the most recent security patches deployed as well.