Malicious campaign has been active for over one month

Oct 23, 2014 09:53 GMT  ·  By

A malicious email campaign first spotted more than a month ago, which lures users into opening fake electronic airplane tickets, is still alive and kicking, and it is using exactly the same type of bait.

The message reaching the inbox of the potential victim contains details about an alleged purchase of an airplane ticket; details include the number of the ticket, seat, date and time of departure, as well as the destination.

The message claims the ticket was issued by Delta Air Lines and says the printable copy is in the attachment; opening that attachment is what delivers the malware.
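As an added illustration (not code from Cyveillance or from the original article) of how a mail filter can triage this kind of lure, the Python below parses a constructed sample message modelled on the one described above and applies three checks: the sender claims a brand whose real sending domain does not match the envelope address, the "printable ticket" is a risky attachment type rather than a PDF, and the wording is ticket-purchase bait. The sender addresses, ticket number, attachment names and the brand-to-domain table are assumptions made for the example.

```python
"""Heuristic triage of a fake "your e-ticket is attached" message.

Added example, not Cyveillance's or the article's code. Both sample
messages below are constructed; addresses, ticket numbers and file
names are made up, and BRAND_DOMAINS is an assumption a real filter
would maintain itself.
"""
import email
import re
from email import policy
from email.utils import parseaddr

# Brands impersonated by the lure and the domains they really send from.
# Assumption for the example: a deployment would keep this list current.
BRAND_DOMAINS = {
    "delta": {"delta.com"},
}

# Attachment types that are executable or can carry code. A genuine
# printable e-ticket would be a PDF, not one of these.
RISKY_EXTENSIONS = {".exe", ".scr", ".zip", ".js", ".com", ".pif", ".bat"}

TICKET_WORDS = re.compile(
    r"\b(e-?ticket|itinerary|boarding pass|seat|departure|flight)\b", re.I
)

# Constructed sample modelled on the lure described in the article.
SAMPLE_EML = b"""From: "Delta Air Lines" <tickets@delta-airlines-online.example>
To: victim@example.org
Subject: Your Delta Air Lines e-ticket confirmation
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain; charset="utf-8"

Thank you for your purchase.
Ticket number: 0061234567890
Seat: 14C
Departure: 25 October 2014, 09:40
Destination: New York (JFK)
Your e-ticket is attached. Print it and present it at the gate.
--XYZ
Content-Type: application/zip; name="Delta_eTicket.zip"
Content-Disposition: attachment; filename="Delta_eTicket.zip"
Content-Transfer-Encoding: base64

UEsDBBQAAAAIAAAAIQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
--XYZ--
"""

# Constructed benign counterpart: right sending domain, PDF attachment.
LEGIT_EML = b"""From: "Delta Air Lines" <tickets@delta.com>
To: traveller@example.org
Subject: Your Delta Air Lines e-ticket confirmation
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="ABC"

--ABC
Content-Type: text/plain; charset="utf-8"

Your itinerary and seat assignment are attached as a PDF.
--ABC
Content-Type: application/pdf; name="eTicket.pdf"
Content-Disposition: attachment; filename="eTicket.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQKJcfsj6IK
--ABC--
"""


def claimed_brand(display_name, subject):
    """Return the impersonated brand named in the From display name or subject."""
    text = f"{display_name} {subject}".lower()
    for brand in BRAND_DOMAINS:
        if brand in text:
            return brand
    return None


def triage(raw_bytes):
    """Return the list of suspicious findings for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    subject = str(msg.get("Subject", ""))
    findings = []

    # 1. Brand in the display name/subject but sender domain does not belong to it.
    brand = claimed_brand(name, subject)
    if brand and domain and not any(
        domain == d or domain.endswith("." + d) for d in BRAND_DOMAINS[brand]
    ):
        findings.append(f"claims to be {brand} but sender domain is {domain}")

    # 2. The "printable ticket" is an executable or archive, not a document.
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").lower()
        ext = "." + fname.rpartition(".")[2] if "." in fname else ""
        if ext in RISKY_EXTENSIONS:
            findings.append(f"risky attachment {fname}")

    # 3. Ticket-purchase bait wording in subject or plain-text body.
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part else ""
    if TICKET_WORDS.search(subject + " " + body):
        findings.append("ticket-purchase lure wording")

    return findings


def is_suspicious(raw_bytes):
    """Flag a message when at least two independent indicators fire."""
    findings = triage(raw_bytes)
    return len(findings) >= 2, findings


if __name__ == "__main__":
    for label, raw in (("lure", SAMPLE_EML), ("legit", LEGIT_EML)):
        flagged, details = is_suspicious(raw)
        print(label, "suspicious" if flagged else "ok", details)
```

Requiring two indicators keeps a genuine Delta confirmation (correct domain, PDF attachment, ticket wording) from being flagged on wording alone, while the lure trips all three checks.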

Malware does not have file encryption capabilities

Researchers at Cyveillance have analyzed the file and determined that it is a version of the Weelsof Trojan.

The malware is a lock-screen type of ransomware: it blocks access to the computer by covering the desktop with a full-screen ransom message that is loaded from a local file.

It has no file-encryption capability, so the data on the disk is left untouched and can still be recovered, for instance by booting the machine from another medium.

As is usual with this kind of lock screen, the message purports to come from law enforcement, accuses the user of accessing illegal content (adult or otherwise) and says that a fine must be paid for the charges to be dropped.

All the details for making the payment are provided in the message; to avoid leaving a trace, these ransomware schemes usually demand payment through prepaid voucher cards. That payment method alone should raise a flag, because government institutions and organizations never collect fines this way.

Removing the malware

Getting rid of Weelsof is not a difficult task, especially since it is detected by a large number of antivirus scanners. A system affected by this threat most likely was not running adequate, up-to-date protection, otherwise the malware would have been caught before it locked the computer.

Because the lock screen prevents the user from downloading an antivirus product on the infected machine, the remaining option is an offline rescue scanner: a bootable version of the product that runs from a USB drive at startup, scans the disk and removes the malware. All major antivirus vendors provide such a rescue disk precisely for cases where the threat cannot be removed while the installed operating system is running.

Apart from choosing an antivirus product from the leaders in the industry, users can also defend themselves by not opening attachments from unsolicited messages, especially ones announcing a purchase they never made.

Cyveillance does not mention if the recipients of the fake email were indeed searching for airplane tickets before the message hit their inbox.

In what could be a case of compromised user-profiling data, F-Secure reported an incident in which the potential victim received a scam email purporting to contain a ticket for the exact destination they were planning to travel to.

On the other hand, this could also have been a very odd coincidence. In that case too, the ticket was allegedly issued by Delta Air Lines.