Spam Email from Qantas, Malware Included

 Analysis by: Mark Christian Aquino

Qantas Airways is the latest company to be spoofed by cybercriminals for a spam run. We recently encountered spam mail pretending to be legitimate email from the Australian flag carrier.

The email contains supposed itinerary details for a particular flight. It also urges the recipient to open the attached .ZIP file attachment. However, the attachment only contains an executable file, which is verified to be malicious. The executable file is a backdoor, detected by Trend Micro as BKDR_ANDROM.DSA.

Users are encouraged to be cautious when opening emails and attachments, even if the source appears reputable.

 SPAM BLOCKING DATE / TIME: February 19, 2013 GMT-8
 TMASE INFO
  • ENGINE:7.0
  • PATTERN:AS 9646