Backdoor Trojan hides as KLM e-ticket
September 26, 2012 by Network Security
Filed under News
Since many passengers book their boarding passes online and receive them in digital form, it's no wonder that malware creators often choose to deliver their malicious software via fake email campaigns impersonating big airline carriers.
The newest of these attempts takes the shape of an e-mail apparently sent by KLM. It looks fairly credible because it uses a genuine KLM e-ticket structure, but the bogus ticket is missing essential details that are supposedly in the attached file (KLM-e-Ticket_.zip).
Websense researchers have examined two malicious binaries taken from two different attachments used in this campaign, and have found that they both allow remote shell access to the affected device via telnet on port 8000.
According to the researchers, the same binaries (but under different names) have lately been used in two other malicious spam campaigns impersonating Microsoft and Telstra.
“Although this scam does not specifically target KLM customers, those who have made recent ticket purchases as well as recipients who may fear that an unauthorized credit card purchase has been made could fall victim,” the researchers said, pointing out the scheme’s potential.




