Spammers want you to take their malware for a cruise


It's time for your vacation and you're excited – you've planned a cruise and it's going to be great! Now you have an email that contains important documents that you need to review and carry with you on your trip.

Not so fast.

The Barracuda Labs spam honeypots have picked up a run of spam impersonating emails from the Royal Caribbean International cruise company.

[Image: RoyalCarib_eml]

The email is well written, looks official and is part of a trend towards impersonation of “expected” email: messages that don't arouse suspicion because of some pre-existing relationship with a business. In this case the spam might be quickly opened, since at least some computer users are (or wish they were) booking a cruise. Unfortunately, as is so often the case with unsolicited email, the payload is a virus that lurks in the background and steals online credentials.

The spammers use an old-school trick to disguise that payload. In the email they specifically present the contents as a Portable Document Format (PDF) file, the kind usually opened by Adobe Reader, and if you open the .zip file you'll see what you think is a .pdf file.

[Image: RoyalCarib_exp1]

The thing is, Microsoft Windows does not usually display file extensions, so this file only 'appears' to be a .pdf file, and spammers know that. You can change the default Windows settings for folder display like so:

[Image: RoyalCarib_exp2]

Once those settings are changed you can see what is really going on.

[Image: RoyalCarib_exp3]

The file actually carries an .exe extension.  It's really a program posing as a .pdf file.
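The same check can be made on the attachment itself, before anyone opens it. The Python below is an added example, not code from the original post or from Barracuda: it reads a .zip without extracting it and flags members whose real extension is executable, that carry a decoy document extension in front of it, or whose content starts with the Windows `MZ` executable header. The extension lists, function names, and the sample archive's file names and bytes are all constructed for illustration.

```python
import io
import os
import zipfile

# Extensions Windows runs on double-click (illustrative subset, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
# Extensions a recipient expects to be harmless documents (illustrative subset).
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg"}

def inspect_member(name, head):
    """Return the reasons one archive member looks like a disguised program."""
    reasons = []
    stem, ext = os.path.splitext(name.lower())
    if ext in EXECUTABLE_EXTS:
        reasons.append("real extension is " + ext)
        # With extensions hidden, Explorer shows only the stem, e.g. "x.pdf".
        decoy = os.path.splitext(stem)[1]
        if decoy in DECOY_EXTS:
            reasons.append("decoy extension " + decoy + " precedes it")
    # Windows executables start with the bytes "MZ", whatever the file is called.
    if head[:2] == b"MZ" and ext not in EXECUTABLE_EXTS:
        reasons.append("MZ executable header under " + (ext or "no") + " extension")
    return reasons

def scan_zip(data):
    """Map each suspicious member name in a zip (given as bytes) to its reasons."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                reasons = inspect_member(info.filename, member.read(2))
            if reasons:
                findings[info.filename] = reasons
    return findings

def build_sample_zip():
    """Constructed attachment: names and contents are made up for this example."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Cruise_Documents.pdf.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("Itinerary.pdf", b"%PDF-1.4\n% constructed placeholder\n")
        zf.writestr("Boarding_Pass.pdf", b"MZ" + b"\x00" * 62)
    return buf.getvalue()

if __name__ == "__main__":
    print(scan_zip(build_sample_zip()))
```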

 

The lesson here is that even emails that look plausible on the surface need to be treated very carefully. Spammers have a huge bag of tricks they use to worm their way onto your computer. Don't open unsolicited emails, and in the case of emails that might be legitimate, double-check with the named companies to see whether they are legitimate before opening anything.

 

Barracuda customers using the Barracuda Spam & Virus Firewall are protected from these emails.

 
