
Showing posts with label US Airways. Show all posts

Wednesday 27 February 2013

US Airways spam / berrybots.net

This very detailed but fake US Airways spam leads to malware on berrybots.net:

Date:      Wed, 27 Feb 2013 08:09:36 -0500 [08:09:36 EST]
From:      bursarp1@email-usairways.com
Subject:      Your US Airways trip

US Airways - Your Reservation

Confirmation code:   B339AO

Date issued:   Tuesday, February 26, 2013


Barcode
[redacted]
Scan at any US Airways kiosk to check in
Passenger summary
Passenger name
Frequent flyer # (Airline)
Ticket number
Special needs
Angel Morris 40614552582 (US)   22401837506661    
Robert White   12938253579871     
Fly details Download to Outlook
Depart:    Philadelphia, PA  (PHL) Chicago, IL (O'Hare)  (ORD)

Date: Thursday, February 28, 2013
Flight #/ Carrier
Depart
Arrive
Travel time
Meal
Aircraft
Cabin
Seats
8766   
09:38 AM   PHL
10:56 AM   ORD
2h 18m
A320
Coach
236E 236A

Return:    Chicago, IL (O'Hare)  (ORD) Philadelphia, PA   (PHL)

Date: Wednesday, March 06, 2013
Flight #/ Carrier
Depart
Arrive
Travel time
Meal
Aircraft
Cabin
Seats
4394   
11:55 AM   ORD
02:49 PM  PHL
1h 54m
A320
Coach
10A 10B
  US Airways


Total travel cost (2 passengers)
2 Adults   $667.35 USD 
Taxes and fees  $95.25 USD 

Fare total $754.61 USD   

Total   $751.62 USD

Charged to
************XXX7 (Credit or Debit Card)

Helpful links


Bags

Pay for your checked bags when you check in online or at the airport! Read more about bags.
Carry ons* Carry-on bag Personal item
All flights $0 $0
Checked bags (each way/per person)* 1st bag 2nd bag
U.S. / Canada / Latin America / Caribbean / Bermuda / South America (except Brazil) $25 $35
Transatlantic $0 $100
Transpacific / Brazil (except Hawaii) $0 $0
*Carry-ons can be up to 40 lbs and up to 45 inches and a personal item is a handbag, briefcase or laptop bag.
**1st & 2nd checked bags can be up to 50 lbs and 62 inches except Brazil where you're allowed up to 70 lbs. Europe fees apply for travel to/from Asia through Europe. Baggage fees are non-refundable.


1st, 2nd and 3rd checked bag fees waived
  • Gold, Platinum and Chairman's Preferred members
  • Star Alliance Gold status members
1st and 2nd checked bag fees waived
  • (Overweight / oversize fees still apply)
  • Confirmed First Class and Envoy passengers
  • Active U.S. military with ID on personal travel
  • Active U.S. military with ID and dependents traveling with them on orders
  • Unaccompanied minors (with US Airways unaccompanied minor paid assistance)
1st checked bag fees waived
  • (Overweight / oversize fees still apply)
  • Silver Preferred members
  • Star Alliance Silver status members
Other guidelines:
  • Overweight/oversize fees and fees for 3 or more bags apply. Read all baggage policies.
  • If you're traveling with an infant, the child is allowed 1 fully collapsible stroller or 1 child restraint device or car seat (no charge). If you're traveling internationally with an infant in lap, your child is also allowed 1 checked bag (checked bag fees apply - max 62 in/157 cm and 50 lbs/23 kg).
  • If one or more of your flights is on a partner airline, please check with the other airline for information on optional fees.



Terms & conditions
  • Ticket is non-transferable.
  • You must contact US Airways on or before your scheduled departure to cancel any or all of your flights. If you don't, your entire itinerary will be cancelled and there may be no remaining value to use toward another ticket.
  • Any change to this reservation, including flights, dates, or cities, is subject to a fee per passenger (according to the rules of the original fare). The new itinerary will be priced at the lowest available published fare at the time of change, which may result in a fare increase.
  • Ticket expires one year from original date of issue. Unflown value expires one year from original date of issue.
  • Read more about all US Airways taxes and fees.
  • You have 24 hours to cancel your reservation for a full refund. Please view this link.
  • Checked baggage fees may apply.
  • Air transportation on US Airways is subject to the US Airways Contract of Carriage. View this document in PDF format.
  • Security regulations may require us to disclose to government agencies the data you provide to us in connection with this reservation.
  • Changes to the country of origin are not permitted, except for changes between the United States and U.S. territories.
  • Send US your compliments and/or complaints.

We are committed to protecting your privacy. Your information is kept private and confidential. For information about our privacy policy visit usairways.com. Please do not reply to this email, it is not monitored. If you'd like to contact us, please visit our website.

The malicious payload is at [donotclick]berrybots.net/detects/circulation-comparatively.php (report here) hosted on:

118.97.77.122 (PT Telkon, Jakarta)
147.91.83.31 (AMRES, Serbia)
195.88.139.78 (Neiron Systems, Ukraine)

Recommended blocklist:


Tuesday 4 December 2012

US Airways spam / attachedsignup.pro

This fake US Airways spam leads to malware on attachedsignup.pro:


From:     US Airways - Booking [reservations@myusairways.com]
Date:     4 December 2012 14:30
Subject:     US Airways online check-in.
  
You can check in from 24 hours and up to 60 minutes before your flight (2 hours if you're flying internationally). After that, all you have to do is print your boarding pass and go to the gate.

Purchase code: 183303

Check-in online:  Online booking details

Payment method:  Credit card
Money will be withdrawn in next 3 days
   
Voyage

5990    
Departure city and time

Massachusets MA (DCA) 10:10 AM

Depart date: 12/05/2012    


We takes care to protect your privacy. Your information is kept private and confidential. For information about our privacy policy visit usairways.com.

US Airways, 145 W. Rio Salado Pkwy, Tempe, AK 93426 , Copyright US Airways , All rights reserved. 

The payload and IP addresses are identical to this spam doing the rounds today.

Tuesday 11 September 2012

US Airways spam / blue-lotusgrove.net

A couple of samples of a fake US Airways spam email leading to malware on blue-lotusgrove.net:


Date:      Tue, 11 Sep 2012 15:32:42 -0300
From:      "US Airways - Reservations" [reservations@myusairways.com]
Subject:      Please confirm your US Airways online registration.
   
You can check in from 24 hours and up to 60 minutes before your flight (2 hours if you're flying internationally). Then, all you need to do is print your boarding pass and proceed to the gate.

Confirmation code: 592499

Check-in online: Online reservation details

Flight

6840    
Departure city and time

Washington, DC (DCA) 10:00PM

Depart date: 9/12/2012    

We are committed to protecting your privacy. Your information is kept private and confidential. For information about our privacy policy visit usairways.com.

US Airways, 111 W. Rio Salado Pkwy, Tempe, AZ 85281 , Copyright US Airways , All rights reserved.

==========


Date:      Tue, 11 Sep 2012 23:29:14 +0700
From:      "US Airways - Reservations" [intuitpayroll@e.payroll.intuit.com]
Subject:      US Airways online check-in.

you {l2} check in from 24 hours and up to 60 minutes before your flight (2 hours if you're flying {l3}). {l4}, all you {l5} to do is print your boarding pass and {l6} to the gate.

confirmation code: {digit}

check-in online: online reservation details

flight

{digit}    
departure city and time

washington, dc (dca) 10:00pm

depart date: 9/12/2012    


we are committed to protecting your privacy. your information is kept private and confidential. for information about our privacy policy visit usairways.com.

us airways, 111 w. rio salado pkwy, tempe, az 85281 , copyright us airways , all rights reserved.

The malicious payload is at [donotclick]blue-lotusgrove.net/main.php?page=559e008e5ed98bf7 (report here) hosted on 203.91.113.6 (G Mobile, Mongolia), the same IP used in this attack. The following domains are on the same server and can all be considered malicious:



Wednesday 25 July 2012

US Airways spam / reformattedfilmmaker.org and algebrayep.org

This fake US Airways spam leads to malware on reformattedfilmmaker.org:

Date: Wed, 25 Jul 2012 09:46:57 -0500
From: "US Airways - Reservations" [support@myusairways.com]
Subject: Confirm your US airways online reservation.

You should check in from 24 hours and up to 60 minutes before your flight (2 hours if you're flying abroad). After that, all you have to do is print your boarding pass and go to the gate.

Confirmation code: 210916

Check-in online: Online reservation details

Flight

4817
Departure city and time

Washington, DC (DCA) 10:00PM

Depart date: 7/26/2012


We are committed to protecting your privacy. Your information is kept private and confidential. For information about our privacy policy visit usairways.com.

US Airways, 111 W. Rio Salado Pkwy, Tempe, AZ 85281 , Copyright US Airways , All rights reserved.

The malicious payload is at [donotclick]reformattedfilmmaker.org/main.php?page=70ec803a01c84ddc (report here) hosted on the same Chinese IP address of 221.131.129.200 that was used in a similar spam run yesterday.

UPDATE: a similar US Airways spam run is also underway with a malicious payload on algebrayep.org on the same IP address.

Tuesday 24 April 2012

US Airways Spam / 208.117.43.8

Another US Airways spam run, leading to malware on 208.117.43.8 (as with this Pizza spam campaign).

Date:      Tue, 24 Apr 2012 20:12:38 +0700
From:      "US Airways - Reservations" [reservations@myusairways.com]
Subject:      Please confirm your US Airways online registration.
   
You can check in from 24 hours and up to 60 minutes before your flight (2 hours if you're flying abroad). After that, all you have to do is print your boarding pass and head to the gate.

Confirmation code: 749251

Check-in online: Online reservation details



   
Flight

6138    
Departure city and time

Washington, DC (DCA) 10:00PM

Depart date: 4/5/2012    



We are committed to protecting your privacy. Your information is kept private and confidential. For information about our privacy policy visit usairways.com.

US Airways, 111 W. Rio Salado Pkwy, Tempe, AZ 85281 , Copyright US Airways , All rights reserved.

====================

Some other subjects include:
Confirm your US airways online reservation.
US Airways online check-in confirmation.


The malicious payload is on 208.117.43.8/showthread.php?t=73a07bcb51f4be71 (report here). Blocking this IP would probably be a good idea.

Tuesday 10 April 2012

US Airways Spam / 50.116.5.41 and 174.140.165.197

This fake US Airways spam leads to malware on 50.116.5.41:

Date:      Tue, 10 Apr 2012 19:18:16 +0530
From:      "US Airways - Reservations" [usair@myusairways.com]
Subject:      Confirm your US airways online reservation.

   
   
You have to check in from 24 hours and up to 60 minutes before your flight (2 hours if you're flying abroad). Then, all you have to do is print your boarding pass and proceed to the gate.

Confirmation code: 956153

Check-in online: Online reservation details



   
Flight

1396    
Departure city and time

Washington, DC (DCA) 10:00PM

Depart date: 4/5/2012    



We are committed to protecting your privacy. Your information is kept private and confidential. For information about our privacy policy visit usairways.com.

US Airways, 111 W. Rio Salado Pkwy, Tempe, AZ 85281 , Copyright US Airways , All rights reserved.

The payload is on 50.116.5.41/showthread.php?t=73a07bcb51f4be71 (report here) which is hosted by Linode in the US.

Update: a similar spam is also doing the rounds with a payload on 174.140.165.197 (Directspace, US).

Thursday 5 April 2012

US Airways Spam / 209.59.218.94

Another US Airways spam, malformed this time, pointing to malware on 209.59.218.94.

Date:      Thu, 5 Apr 2012 14:10:48 +0000
From:      "US Airways - Reservations" [usair@myusairways.com]
Subject:      Confirm your US airways online reservation.


you {l2} check in from 24 hours and up to 60 minutes before your flight (2 hours if you're flying {l3}). {l4}, all you {l5} to do is print your boarding pass and {l6} to the gate.

confirmation code: {digit}

check-in online: online reservation details
  
flight

{digit}   
departure city and time

washington, dc (dca) 10:00pm

depart date: 4/5/2012   


we are committed to protecting your privacy. your information is kept private and confidential. for information about our privacy policy visit usairways.com.

us airways, 111 w. rio salado pkwy, tempe, az 85281 , copyright us airways , all rights reserved.


The malicious payload is at 209.59.218.94/showthread.php?t=73a07bcb51f4be71 (report here). This is hosted by Endurance International in the US.

US Airways Spam / 174.140.171.117

Another US Airways spam leading to malware on a Directspace IP (174.140.171.117):

Date:      Thu, 5 Apr 2012 18:54:19 +0700
From:      "US Airways - Reservations" [support@myusairways.com]
Subject:      US Airways online check-in.
   
   
You have to check in from 24 hours and up to 60 minutes before your flight (2 hours if you're flying internationally). After that, all you need to do is print your boarding pass and go to the gate.

Confirmation code: 610235

Check-in online: Online reservation details

   
Flight

5266    
Departure city and time

Washington, DC (DCA) 10:00PM

Depart date: 4/5/2012    

   
We are committed to protecting your privacy. Your information is kept private and confidential. For information about our privacy policy visit usairways.com.

US Airways, 111 W. Rio Salado Pkwy, Tempe, AZ 85281 , Copyright US Airways , All rights reserved.

The malicious payload is on 174.140.171.117 (report here) hosted by Directspace in the US. This is the third time in recent days that Directspace have hosted such a site in this range; the others were 174.140.171.173 (here) and 174.140.166.138 (here).

Wednesday 4 April 2012

US Airways Spam / 174.140.166.138


Another one of a spate of fake US Airways emails, with a link leading to malware:

From:     US Airways - Reservations reservations@myusairways.com
Date:     4 April 2012 14:58
Subject:     US Airways online check-in.

You should check in from 24 hours and up to 60 minutes before your flight (2 hours if you're flying abroad). After that, all you have to do is print your boarding pass and go to the gate.

Confirmation code: 266492

Check-in online:  Online reservation details

   
Flight

0312    
Departure city and time

Washington, DC (DCA) 10:00PM

Depart date: 4/5/2012    


We are committed to protecting your privacy. Your information is kept private and confidential. For information about our privacy policy visit usairways.com.

US Airways, 111 W. Rio Salado Pkwy, Tempe, AZ 85281 , Copyright US Airways , All rights reserved.


The malicious payload is on 174.140.166.138 (report here) hosted by Directspace in the US. Avoid.

Tuesday 3 April 2012

US Airways Spam / 109.202.98.43

Another US Airways fake email leading to malware:

Date:      Tue, 3 Apr 2012 14:26:03 +0200
From:      "US Airways - Reservations" [reservations@myusairways.com]
Subject:      Confirm your US airways online reservation.
   
You have to check in from 24 hours and up to 60 minutes before your flight (2 hours if you're flying internationally). Then, all you need to do is print your boarding pass and head to the gate.

Confirmation code: 336881

Check-in online: Online reservation details

   
Flight

0989    
Departure city and time

Washington, DC (DCA) 10:00PM

Depart date: 4/5/2012    

We are committed to protecting your privacy. Your information is kept private and confidential. For information about our privacy policy visit usairways.com.

US Airways, 111 W. Rio Salado Pkwy, Tempe, AZ 85281 , Copyright US Airways , All rights reserved.

The malware is on 109.202.98.43/showthread.php?t=73a07bcb51f4be71 (report here) hosted by Global Layer, Netherlands.

Monday 2 April 2012

US Airways Spam / 174.140.171.173

This spam appears to be from US Airways, but it actually leads to malware on 174.140.171.173.

From:     US Airways - Reservations support@myusairways.com
Date:     2 April 2012 15:15
Subject:     US Airways online check-in confirmation.   
   
You have to check in from 24 hours and up to 60 minutes before your flight (2 hours if you're flying abroad). After that, all you need to do is print your boarding pass and proceed to the gate.

Confirmation code: 778136

Check-in online:  Online reservation details

   
Flight

7557    
Departure city and time

Washington, DC (DCA) 10:00PM

Depart date: 4/5/2012    

We are committed to protecting your privacy. Your information is kept private and confidential. For information about our privacy policy visit usairways.com.

US Airways, 111 W. Rio Salado Pkwy, Tempe, AZ 85281 , Copyright US Airways , All rights reserved. 

The link goes through a couple of legitimate hacked sites and ends up at 174.140.171.173/showthread.php?t=73a07bcb51f4be71 which contains a malicious payload. This IP is hosted by Directspace in the US.
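
The traits that recur across the posts above (landing URLs of the form `showthread.php?t=` or `main.php?page=` followed by 16 hex characters, often on a bare IP; a "US Airways" display name on a sender domain that is not usairways.com; unfilled `{l2}` / `{digit}` template tokens) can be checked mechanically. The following Python is an added example, not code from the original blog; the function names, the reason labels and the choice of usairways.com as the expected sender domain (taken from the message text itself) are assumptions.

```python
import re
from ipaddress import ip_address
from urllib.parse import parse_qs, urlsplit

# Landing-page shapes reported in the posts: <script>?<param>=<16 hex chars>
LANDING = {"/showthread.php": "t", "/main.php": "page"}
HEX16 = re.compile(r"^[0-9a-f]{16}$")
# Unfilled template tokens seen in the malformed samples, e.g. {l2}, {digit}
TOKEN = re.compile(r"\{(?:l\d+|digit)\}")
BRAND = "us airways"
BRAND_DOMAIN = "usairways.com"  # assumption: the domain the message body points to


def is_bare_ip(host):
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def url_findings(url):
    """Return the reasons a URL matches the landing-page shapes on this page."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    reasons = []
    param = LANDING.get(parts.path)
    if param:
        values = parse_qs(parts.query).get(param, [])
        if any(HEX16.match(v) for v in values):
            reasons.append("landing-pattern")
            if is_bare_ip(parts.hostname or ""):
                reasons.append("bare-ip-host")
    return reasons


def mail_findings(display_name, address, body):
    """Flag a brand/sender-domain mismatch and unfilled template tokens."""
    reasons = []
    domain = address.rsplit("@", 1)[-1].lower()
    # Require an exact match or a dot-separated subdomain, so that
    # lookalikes such as myusairways.com do not pass a plain suffix test.
    on_brand = domain == BRAND_DOMAIN or domain.endswith("." + BRAND_DOMAIN)
    if BRAND in display_name.lower() and not on_brand:
        reasons.append("brand-domain-mismatch")
    if TOKEN.search(body):
        reasons.append("unfilled-template")
    return reasons


if __name__ == "__main__":
    # Values quoted from the posts above
    print(url_findings("174.140.171.173/showthread.php?t=73a07bcb51f4be71"))
    print(mail_findings("US Airways - Reservations", "support@myusairways.com",
                        "confirmation code: {digit}"))
```

The berrybots.net landing path from the February 2013 post matches neither URL shape, so path patterns like these age quickly and belong alongside, not instead of, the IP and domain blocks recommended in each post.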