The bogus email, which appears to come from Continental Airlines,
thanks the recipient for using the new 'Buy flight ticket online'
service and confirms their card has been charged with more than $900.
According to Trend Micro, which discovered the mass email, the message
contains a username and password, together with a ZIP file that
purports to include an invoice and flight ticket.
The archive file - e-ticket.doc.exe - is actually a malware applet
that downloads and installs a variety of attack code to the host PC.
"It's the old double-extension trick to hopefully fool the user to
double-click the attachment," says Joey Costoya, a Trend Micro senior
threat analyst, in his news blog.
"The phrase 'Your credit card has been charged ...' will just add more
worry for the user, convincing him more to examine and double-click
the 'flight details'," he adds.
Infosecurity notes that a similar email was sent to millions of
Americans last July, with the email being "sent" by either Delta or
Northwest Airlines.
This latest infected email appears to have been more effective,
however, owing to the holiday season being so close.
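
A mail gateway can catch the double-extension attachment described above by inspecting the member names inside a ZIP before delivery. The following is an added example, not code from Trend Micro or the original article; the extension lists and function names are illustrative assumptions, and the sample archive is constructed in memory with placeholder contents.

```python
import io
import zipfile

# Extensions Windows runs on double-click (illustrative, not exhaustive).
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "js", "vbs"}
# Extensions a user reads as "just a document" (illustrative).
DECOY_EXTS = {"doc", "docx", "pdf", "xls", "xlsx", "txt", "jpg", "rtf"}


def is_double_extension(name):
    """True if the name ends in <decoy>.<executable>, e.g. 'e-ticket.doc.exe'."""
    # Keep the final path component; drop trailing dots/spaces, which Windows ignores.
    base = name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ").lower()
    # Strip each part so space padding between the extensions does not hide the decoy.
    parts = [p.strip() for p in base.split(".")]
    if len(parts) < 3:
        return False
    return parts[-1] in EXECUTABLE_EXTS and parts[-2] in DECOY_EXTS


def suspicious_members(zip_bytes):
    """Return the names of archive members that use a double extension."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [n for n in zf.namelist() if is_double_extension(n)]


def build_sample_zip(names):
    """Constructed sample: an in-memory ZIP with harmless placeholder contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip(["e-ticket.doc.exe", "invoice.pdf", "setup.exe"])
    print(suspicious_members(sample))
```

A plain executable such as setup.exe is not flagged by this check; blocking executables outright is a separate policy decision.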