Select Page

Cyren Security Blog

The Cyren Security Blog is where Cyren engineers and thought leaders provide insights, research and analysis on a range of current cybersecurity topics.

US Election used as malware smokescreen

At first glance this looked like a “standard” email-malware attack. As with many similar attacks the email pretends to be carrying an eticket attachment – this time from Delta. The zip file holds executable malware. In case we weren’t sure this is malware here are some of the giveaways:

  • The “flight” predates the email by about 2 months (August 2012)
  • Delta doesn’t fly to Corpus Christi (OK, I had to look that one up…)
  • The very curt instructions: “you can print your ticket”
  • It’s Delta not “Delta Air Lines”

At this point we would normally just file this as “eticket-email-malware”.

But wait… There’s more

There is text following that last line. It’s in a white font and so does not appear on most recipients’ screens. It reads:

  • US runs a 4th straight $1 trillion-plus budget gap
  • Obama team promises more aggressive president in second debate
  • Feisty Biden gives Democrats a reason to smile
  • Video: Issa: Budget cuts not issue in Libya attack
  • Obama team promises more aggressive president in second debate

In other words legitimate looking text designed to convince spam filters that this email is somehow genuine – and what could be more legitimate and genuine that the upcoming US election. If you used a blue background on all of your screens (and we’re sure you don’t) then you would have seen it immediately.

You might also like

What is Microsoft Office 365 Advanced Threat Protection?

Office 365 Advanced Threat Protection (also known as ATP and Defender) can provide your organization with advanced security features - keeping you protected from cybersecurity threats. With today's cybersecurity landscape, where new threats appear daily, if not...