03.05.2012

Author: SB

Users receive malware instead of travel documents

Fake booking confirmations lure users into malware trap

The holidays are getting closer and many people are using the Internet to find information on holiday destinations or even to conveniently book their entire holiday online. In fact, over 14 million people in Germany have booked a holiday via the Internet in the past year (source: VuMa 2011). Online criminals are picking up on this trend in a current campaign. This week the perpetrators started sending mass emails with supposed hotel booking confirmations. But instead of travel documentation, the attachment contains a dangerous banking Trojan that targets the unsuspecting user's online account. The malware has already been detected and fended off by G Data security solutions.

Screenshot of email with malware attachment, announcing reservation information

"Perpetrators know that more and more people are booking their holidays online and are waiting for travel, flight or hotel confirmations. In the current case the perpetrators are falsely using the name of popular travel portal Booking.com as the supposed sender. After opening the file attachment, a dangerous banking Trojan that targets the victim's online account attempts to install itself," explains Ralf Benzmüller, head of G Data Security Labs.
"It is possible that other renowned travel companies will be misused in similar campaigns in the coming weeks. Consumers who book their holiday online should carefully check whether the sender of the booking confirmation is the same as the travel company. Recipients should also treat zipped archives with particular caution and contact the provider in case of doubt. Use of a powerful security solution should also be obligatory, as should direct installation of software and operating system updates, to close existing security vulnerabilities."

Malware targeting bank accounts
The malware being used belongs to the Bebloh family of banking Trojans, according to analyses by G Data Security Labs. This malware keeps cropping up in particularly elaborate attack tactics, e.g. the so-called return attack. In this attack, the online banking page being displayed is manipulated to lead the customer into believing he has received a misdirected bank transfer, and to request a return transfer. It is hard for customers to see through this scam, as the amount also appears in the account summary. This attack works regardless of the TAN process used, as the user carries out and authorises the transfer him-/herself.


Banking Trojans
Manipulations by banking Trojans take place in specific files in the random access memory. However, traditional antivirus solutions only recognise 27 percent of such malware on the first day. With G Data BankGuard, the German IT security software provider has developed a new technology that offers effective protection against banking Trojans and closes critical security vulnerabilities. G Data BankGuard is compatible with every antivirus solution on the market and has been a permanent component of the G Data security solutions for home users from the 2012 product generation onwards.
