Advisory: Malicious Email Alert - Fake Delta Email Leads to Trojan

Wednesday, January 22, 2014 15:00:00 EDT


A malicious email was sent to several university members that claimed
to be from Delta regarding the purchase of a ticket.


End users


A malicious email was received by several university members that
claimed to be a confirmation of a ticket purchase through Delta
Airlines. The sender address was spoofed, and the subject and the URL
contained fake order numbers. The URL was described as a way to
download and print the recently purchased ticket. However, the URL
directed the user to download a .zip file that contained trojan-like
malware. The examples provided to ITSP Security led to two different
variants of malware. The malware was supplied to McAfee for
inspection, and the result was an extra.DAT file to be provided for
the ePO server.

It is possible that other, similar emails are circulating in variants
that we have not yet seen. Users should ignore these emails,
especially if they did not purchase any airline tickets recently.

As usual, clicking on links in emails is not recommended. The
alternative is to copy and paste the link into the browser after doing
some investigation of the URL and content of the message for legitimacy.


Ignore and delete the email. If the file was downloaded and the machine
contains or has access to sensitive or restricted data, please contact;
otherwise the machine will need to be re-imaged. Users will also need
to change their password and challenge questions if they used the
machine after the malware would have been triggered.


For questions concerning this advisory, please send email to:

Report computer-related abuse to STEAM-CIRT:
purdue . edu /securepurdue/steam
(copy and paste, then remove spaces)

Posted by ITSP Security on January 22, 2014, in Advisory Alerts.

Purdue University, 610 Purdue Mall, West Lafayette, IN 47907, (765) 494-4600
