Talk about conspiring against everyday people...

I last flew an airline in 1979...never will step foot on them ever again...seems some people have the wrong idea about me...just received this e-mail...

American Airlines
Order#23088926
December 4, 2011 1:40 PM
Notification,
FLIGHT NUMBER AA983
ELECTRONIC 195642910
DATE & TIME / DECEMBER 12, 2011, 11:53 PM
ARRIVING / NEW YORK JFK
TOTAL PRICE / 283.30 USD

Your bought ticket is attached to the letter as a scan document.
To use your ticket you should print it.

Thank you for using our airline company services.
American Airlines.

The ticket is in a .zip file...

Anyway, I think the .zip file is a virus...will not open it...

Flight AA983 does exist, but it seems it travels from Miami to Guatemala to Minneapolis to Atlanta...

info.flightmapper.net...

This is conspiratorial on the part of persons wanting to take advantage of other people...Seems this is the type of stuff some people on the Internet like to do best...

Based on my work in the shady underworld of online marketing back in the day (no, I am not being cynical, nor am I proud of this knowledge) I do not believe you can get a virus from just a .zip file.

You can bind a virus to ANY .exe file, and there are work around to launch to launch malicious .exes by opening files (with any extension, not just .exe) in the same folder as a malicious file.

BUT, you can't get a virus from just opening a single naked .zip file alone.

If you unzip the .zip file and there is any .exe's in the folder, I would beware. Otherwise that should be safe.

And if for some reason it did have a virus, then I would doubt that email was actually an official email from the airline, as it is possible to send emails with a fake sender name.

Hope this helps.

Edit- If you got that email and you didn't buy plane tickets, it most certainly is spam and I would not open it. I would doubt it was actually sent from the airlines btw. They wouldn't send malicious files under their own name, that would be dumb of them.

reply to post by CREAM



When you open a .zip file, are you not "executing," a task?

reply to post by jeichelberg

Virus cannot infect zip files like the previous poster mentioned. If you have a virusscanner insalled, any infected file would be blocked from operating. I think that zip file contains a pdf file with your boarding ticket. You can also usually get them printed at the airport too if you don't trust it, but it will take a little more time. Do you think an airline company will risk its business or passengers by having a virus on their systems? If so, I would advise you not to fly as all the on-board flight control systems may also be infected.

In other words, what you have is called an e-ticket or electronic ticket. No need to be afraid.

dude... thats a virus... i been getting zip files from craft foods all week.

If you didn't buy a plane tick don't open it, but if you just bought a plane ticket and that is what you got, I would not be worried.

reply to post by LightSpeedDriver


The whole thing is...I do not FLY and did not order the ticket...plus the flight does not go to NY...Please read the OP carefully, thank you...

reply to post by jeichelberg

A task is not the same as executing a program. While pdf's can carry a "evil" payload and execute code, they should have closed that security whole by now.

A zip file does not get executed, merely opened and possibly its contents extracted.

reply to post by jeichelberg

In my haste to offer what little computer assistance I can, I missed that small but pertinent fact. Delete email. Done.
ETA Its good you don't fly now. The last time I did, I had a man insert both index fingers underneath the hem of my underpants at the front, and then slowly drew his fingers around my waist on both sides, circumscribing my waist. Most unpleasant and a little too intimate for words without warning. Standing in line too, along with everyone else. I could have exploded in rage but didn't as I needed to be where I was going. Next time I will not fly either. Its screwed beyond belief now.

UPDATE: I sent the suspect e-mail to American Airlines...this is the reply I received (at least they have scruples and demonstrate concern over this type of activity):

Dear Mr.xxxx,

Thank you for contacting us about a suspected fraudulent email you
received claiming to be from American Airlines.

This is spam email. Please DO NOT click on any of the web address
links, open any attachments, call phone numbers listed, or follow any
instructions in the fraudulent email. Instead, delete all email and
attachments.

If the email is asking you to perform security-related changes to your
account or attempting to collect your user name, password, email address
or other personal information, you have received a fraudulent email.
American Airlines will never send executable files as attachments, nor
ask our customers for this type of personal information in email
communications.

We deeply regret this inconvenience to you as an American Airlines
customer. Your privacy and security is extremely important to us. For
further information on how to protect yourself from fraudulent email,
please visit:

www.aa.com/phishing


Sincerely,
XXXXXX XXXXXXX
AA.com Web Services
American Airlines

Originally posted by LightSpeedDriver
reply to post by jeichelberg

 

A task is not the same as executing a program. While pdf's can carry a "evil" payload and execute code, they should have closed that security whole by now.

A zip file does not get executed, merely opened and possibly its contents extracted.

You again ,) Sorry to point this out, but exactly how do we know he has an updated PDF viewer? Presuming Adobe, while they may have fixed the issue, it does not mean everyone has updated their version of Reader. And then we have to consider zero day exploits (like the one Stuxnet used), where simply parsing the icon for a file not running it caused the exploit or the newest Duko which uses a kernel font exploit in a doc file.

If the person in question did not purchase the ticket there is little reason to open the file and risk infection (I say this not knowing the state of the target machine in question, but more times that not they are not fully patched).

To the OP if you want to arrange to email me a copy, I can get it analyzed, it smells of a spearfishing attack.

Originally posted by CREAMIf you unzip the .zip file and there is any .exe's in the folder, I would beware. Otherwise that should be safe.

This is really bad advice and I'd respectfully ask you not give it to others. There are attacks where simply rendering the icons in explorer for the files in question can result in an infection (depending on the patch state of the machine). This is one vector Stuxnet used to infect.

reply to post by Zaphod

reply to post by Zaphod

Like I already mentioned, in my haste I didn't see the fact he had not ordered a ticket As for Adobe software in general, why sure, it sucks major kahunas as they are focused on one thing and one thing only, money. Running Linux the only piece of their software I run is their flashplayer and even that they can't write properly. I think some of the free adobe readers have guarded against the exploit but you can never be 100% sure. They did post a "workaround" till they got it fixed but it was a while ago I read about the dangerous payload exploit. Adobe does include an auto check/update feature on a lot of their windows software. Buyer beware, I guess

As for Stuxnet, that is a SCADA worm/virus I believe. Not much good for home users. Blame Microsoft for their executable doc(x) word format with its macros and attachments. It always has sucked. Thats why virus scanners were invented though, to take up the slack of leaky software. A lame measure at best but if you use windows, it must be done.

PS Who me? I just feel chatty today!

Originally posted by LightSpeedDriver
As for Stuxnet, that is a SCADA worm/virus I believe. Not much good for home users.

The point wasn't so much it might get Stuxnet as Stuxnet exposed the zero day vulnerability around the ico handler and other attacks will use it, so simply unzipping files into a folder and letting explorer render them can lead to an infection if the machine is not patched.

reply to post by jeichelberg


I think the bigger picture point may be, and pardon me if I am depersonalizing your experience, jech, and forgive me if I am wrong, all others reading, that anyone with a computer can make it appear as if someone was somewhere and doing something they never actually were....

reply to post by Zaphod


While I appreciate the offer and the information, I would not want to be responsible for furthering a scam or phishing exploit...I have already deleted the unwanted e-mail in question...

Originally posted by jeichelberg
reply to post by Zaphod

 

While I appreciate the offer and the information, I would not want to be responsible for furthering a scam or phishing exploit...I have already deleted the unwanted e-mail in question...

That is a shame, samples should always be forwarded to the AV firms so they can take a peek. Oh well, I'd say next time but I hope you don't have to deal with something like this again.

reply to post by tetra50


I am unsure what you are attempting to communicate...

reply to post by jeichelberg

You have not flown since 1979, and yet received an e-ticket or receipt of one. I should think it was obvious. Whatever spamming or endeavor to lead you to open a virus bearing email may result in, perhaps there may be larger implications afoot?
Or not. Just my HO

reply to post by tetra50


result in me taking a flight?