Therefore, general users, especially those who have booked a hotel, need to be careful not to be infected by malicious files attached to e-mails.
Furthermore, one feature of these e-mails is that they use the names of famous hotels illegally.
2. Spreading path and symptoms of infection
This malicious e-mail can be received when e-mail account information has leaked, as with common spam mail, and its attached malicious file can also be downloaded by clicking a link on SNS or an instant messenger.
The recently found malicious e-mails about hotel reservation errors come in various types and keep emerging with changed content.
The following figure shows a hotel reservation error e-mail.
* Similar malicious e-mails
The contents of each e-mail are similar.
Each one, mainly about a price error on a reservation, induces the user to download and execute the attachment.
The following figure shows the attachment after decompression.
The icon shown is similar to Excel's icon.
It may confuse the user, who may execute the file believing it to be an Excel file.
If you execute this malicious file, it will try to access an external site and download an additional malicious file.
* Additionally downloaded malicious file related to fake Anti-Virus
This malicious file related to the fake Anti-Virus uses a TLS callback function, and it can be executed after the packed file, generated before threading, has been unpacked.
However, this malicious file contains parsing of a certain external web site URL and cannot be executed.
3. How to prevent
General users can hardly notice that something has happened on their PC when a malicious file is spread using social engineering.
To use a PC safely against the security threats from these malicious attachments, we recommend the following "Security management tips" for general users.
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment functions in nProtect Anti-Virus/Spyware for detecting malicious files such as those stated above, and runs a response system against various security threats.