Friday, September 26, 2008

Virus alert: Your Online Flight Ticket N 78468 from Hawaiian Airlines

I use OzEfilter to delete unwanted emails at the mail server safely away from my computer. I decided to receive this email instead of having OzEfilter delete it, as it sounded similar to an earlier email which I blogged about. 

The email starts with the following information:

Thank you for using our new service "Buy flight ticket Online" on our website.
Your account has been created:

Attached to the email was a zip file named and inside this file was an executable file eTicket_O2.doc.exe. To me this is an obvious malicious email.

But then I had a thought. By default under Windows Vista and Windows XP, if the user looks at a file, the extension is not shown. As an IT person, as a matter of habit I always turn on the option to display the file extension. I decided to check what people would see if I turned off the ability to see file extensions. Sure enough, when viewing the file in the zip file, the file name is eTicket_O2.doc, which would appear to simply be a Word document to most people. It is no wonder so many people are tricked by this type of email.

Hiding the file extension is something Microsoft decided to do as the default. This shows that not displaying file extensions can easily lead users to infect their computer. I would suggest if you don't have file extensions turned on, then it is a good idea to turn the option on.

OzEfilter allows me to see this type of email and delete it before it even reaches my computer. If you aren't using OzEfilter, make sure you show file extensions, so you can tell what type of file you may be trying to open. 

Even though this infected email is similar to an email earlier reported to the anti-virus software company, which has now been added to their virus signature file, this virus was not detected by the anti-virus software, or the anti-virus software on the mail server. I'm thankful that OzEfilter enables me to delete this type of email before I receive it.

- Kelvin Eldridge
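The check described above can be automated on a mail gateway or a workstation. The following is an added example, not part of the original post: it lists zip entries whose real extension is executable but whose name, with known extensions hidden, looks like a document. The extension sets, function names and sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Illustrative (assumed, incomplete) sets: extensions Windows will run, and
# document-like extensions commonly used as the visible decoy.
EXECUTABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DECOY = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".txt", ".jpg", ".rtf"}


def displayed_name(name):
    """Name a user sees when the final (known) extension is hidden."""
    path = PurePosixPath(name)
    return path.stem if path.suffix else path.name


def find_disguised(zip_bytes):
    """Return (real_name, displayed_name) for each entry that hides an
    executable extension behind a document-like one."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Zip entries may carry folders and either slash style.
            name = PurePosixPath(info.filename.replace("\\", "/")).name
            # strip() also catches names padded with spaces before ".exe".
            suffixes = [s.strip().lower() for s in PurePosixPath(name).suffixes]
            if len(suffixes) >= 2 and suffixes[-1] in EXECUTABLE \
                    and suffixes[-2] in DECOY:
                hits.append((name, displayed_name(name)))
    return hits


def build_sample():
    """Constructed sample archive; entries hold harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("eTicket_O2.doc.exe", b"placeholder")
        archive.writestr("itinerary.pdf", b"placeholder")
        archive.writestr("setup.exe", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for real, shown in find_disguised(build_sample()):
        print(f"shown as {shown!r}, really {real!r}")
```

Only the first entry is reported: setup.exe is executable but not disguised, and itinerary.pdf is a plain document name.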
