Vacationers warned vs new wave of holiday travel spam

With the summer still young and many wanting to go on vacation, cyberscammers are coming up with new malware campaigns using holiday travel themes, a security vendor warned. Bitdefender said the scams involve spam emails that offer summer cruise and hotel deals, flight confirmation emails, and even vacation loans. "In season, holiday spam can reach up for up to 6 percent of all spam. And if a regular 'business spam day' means some 1.8 million messages, at the season peak we are talking about approximately 108,000 holiday-themed pieces a day of which bogus flight confirmations are most spread," Bitdefender researcher Loredana Botezatu said in a blog post. "While some samples are merely annoying, others have malicious links and malware in attachments. If it’s spam, treat it with caution!" she added. She pointed out airline confirmation emails or receipts that have malware attachments or links to malicious websites make up almost 60 percent of summer holiday spam this year. Botezatu said the second most widespread scam involves fake newsletters claiming early-booking bargains in luxury destinations. Among the most targeted airlines were potential customers of Delta Air Lines, US Airways and the German Condor Flugdienst, she said. On the other hand, Botezatu cited a recent holiday spam campaign targeting budget vacation planners with a “Your eTicket” spam campaign. The campaign targets potential customers of Delta Air Lines and asks the recipient to confirm a flight reservation with Delta - and check the information in an attached PDF file. Opening the attachment activates the "Sirefef" Trojan, which has rootkit capabilities. "Some such samples have links that redirect users to a webpage advertising a 'miraculous weight loss plant.' Others, with exactly the same name and appearance, lead users to a page associated with the BlackHole Exploit Kit to expose them to an exploit kit that silently reads a user’s browser configuration, looks for breaches then slams it with malware – all without the user’s interaction," Botezatu said.  — ELR, GMA News