12345

4/09/2012

[Caution] Detected malicious files disguised as online hotel reservation

1. Introduction

INCA Internet Emergency Response team detected those malicious files which are disguised as a reservation confirmation mail from Booking.com.
This kind of spreading technique, one of social engineering technique, is disguising and inducing user to see its attachment.
To who frequently using online reservation service, check our post and need to be careful from infected by malicious files.



Malicious file spreading techniques via e-mail are used by both APT(Advanced persistent threat) and just spreading malicious files to unspecific users.

2. Spreading malicious files

Booking.com is one of famous online hotel reservation sites. Established in 1996, Booking.com is the world's leading online hotel reservations agency by room nights sold, attracting over 30 million unique visitors each month via the Internet from both leisure and business markets worldwide.



This e-mail is disguised as sent from booking.com including its title and mail contents.
It also contains its attachment "Reservation-Details-From-Booking-Com_03291295155.zip".



In this attachment, it contains malicious file as EXE file type.



3. Summary

Malicious file spreading technique is classical but it still has been used for spreading malicious files especially on APT technique.

Therefore, users need to be careful on downloading attachment on e-mail, especially in case of attachment file contains executable files(EXE, SCR, COM). To use PC safely from security threats of these malicious attachments, we recommend you download latest security updates and obey following "Security management tips" for general users.

Security management tips

1. Maintain the latest security update on OS and applications
2. Use anti-virus SW from believable security company and keep updating the latest engine and using real time detecting function
3. Do not see and download attached file from suspicious e-mail.
4. Keep caution to link from instant messenger and SNS.

INCA Internet (Security Response Center / Emergency Response Team) runs responding system against various security threats.

No comments:

Post a Comment