
Cyren Security Blog

The Cyren Security Blog is where Cyren engineers and thought leaders provide insights, research and analysis on a range of current cybersecurity topics.

US Election used as malware smokescreen

At first glance this looked like a “standard” email-malware attack. As with many similar attacks, the email pretends to be carrying an eticket attachment – this time from Delta. The zip file holds executable malware. In case we weren’t sure this is malware, here are some of the giveaways:

  • The “flight” predates the email by about 2 months (August 2012)
  • Delta doesn’t fly to Corpus Christi (OK, I had to look that one up…)
  • The very curt instructions: “you can print your ticket”
  • It’s Delta not “Delta Air Lines”

At this point we would normally just file this as “eticket-email-malware”.

But wait… There’s more

There is text following that last line. It’s in a white font and so does not appear on most recipients’ screens. It reads:

  • US runs a 4th straight $1 trillion-plus budget gap
  • Obama team promises more aggressive president in second debate
  • Feisty Biden gives Democrats a reason to smile
  • Video: Issa: Budget cuts not issue in Libya attack
  • Obama team promises more aggressive president in second debate

In other words, legitimate-looking text designed to convince spam filters that this email is somehow genuine – and what could be more legitimate and genuine than the upcoming US election? If you used a blue background on all of your screens (and we’re sure you don’t) then you would have seen it immediately.
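A filter can flag this trick by checking whether any text in the HTML body is rendered in the same colour as its background. The following is an added example, not Cyren's detection code: it assumes colours are set inline (`color`/`bgcolor` attributes or `style`), that tags are properly nested, and that the mail client's default background is white; `find_hidden_text` and the sample message are constructed for illustration.

```python
import re
from html.parser import HTMLParser

WHITE = {"white", "#fff", "#ffffff", "rgb(255,255,255)"}
VOID = {"br", "img", "hr", "meta", "input", "link"}  # tags with no end tag

def _norm(colour):
    return re.sub(r"\s+", "", colour or "").lower()

class HiddenTextFinder(HTMLParser):
    """Collects text whose foreground colour equals its effective background."""
    def __init__(self, default_bg="#ffffff"):
        super().__init__()
        self.stack = [(None, _norm(default_bg))]  # inherited (fg, bg) per element
        self.hidden = []

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        a = dict(attrs)
        fg, bg = self.stack[-1]
        style = a.get("style") or ""
        # the lookbehind keeps "background-color" from matching as "color"
        m = re.search(r"(?<![-\w])color\s*:\s*([^;]+)", style, re.I)
        fg = _norm(m.group(1)) if m else (_norm(a["color"]) if a.get("color") else fg)
        m = re.search(r"background(?:-color)?\s*:\s*([^;]+)", style, re.I)
        bg = _norm(m.group(1)) if m else (_norm(a["bgcolor"]) if a.get("bgcolor") else bg)
        self.stack.append((fg, bg))

    def handle_endtag(self, tag):
        if tag not in VOID and len(self.stack) > 1:
            self.stack.pop()

    def handle_data(self, data):
        fg, bg = self.stack[-1]
        same = fg is not None and (fg == bg or (fg in WHITE and bg in WHITE))
        if same and data.strip():
            self.hidden.append(data.strip())

def find_hidden_text(html, default_bg="#ffffff"):
    finder = HiddenTextFinder(default_bg)
    finder.feed(html)
    finder.close()
    return finder.hidden

# Constructed sample modelled on the email described above.
SAMPLE = ('<html><body><p>You can print your ticket.</p>'
          '<font color="#FFFFFF">US runs a 4th straight $1 trillion-plus budget gap<br>'
          'Feisty Biden gives Democrats a reason to smile</font></body></html>')

if __name__ == "__main__":
    print(find_hidden_text(SAMPLE))
```

Passing `default_bg="blue"` reproduces the blue-screen observation: the white text is no longer invisible, so nothing is reported.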
