Monday, July 23, 2012 Spam Wants to Confirm a Spot for Malware on Your PC

Booking.comDid you receive a confirmation email for a hotel reservation that you don’t recall making?

Don’t worry, it doesn’t mean there’s someone parading around booking hotel reservations in your name. There is a good chance that the email is seeking to infect your PC with malware, though.

The email poses as a confirmation email from, a hotel reservation booking website owned and operated by
Subject: Hotel Reservation Confirmation
Date: Thu, 12 Jul 2012 17:51:47 +0800

We have received a reservation for your hotel.

Please refer to attached file now to acknowledge the reservation and see the reservation details:

Arrival: Tuesday, 31 July ‘12
Number of rooms: 1

Customer Service Team

Your reference ID is: [random string]

The reservation service is free of charge. We do not charge you any booking fees or administration fees, and in many cases room offer free cancellation. guarantees rates in both cities and regional destinations – ranging from small family hotels to luxury hotels.

Attached to the email is a file named Hotel-Reservation-Confirmation_from_Booking.exe, which is actually a nasty piece of malware that Sophos detects as Mal/Katusha-F.

Should Mal/Katusha-F make its way onto your PC, it will create/modify system registry keys and open a backdoor, granting an attacker remote access to the machine to do whatever they please (steal data, download additional malware, etc).

If you happen to receive one of these emails, you're advised to:

  • Avoid downloading any attached files.

  • Delete the email immediately.

[via Webroot]

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet, “Like” us on Facebook or add us to your circle on Google+.

No comments:

Post a Comment