Sponsored by..

Wednesday 17 July 2013

"Houston Marriott Westchase Reservation Confirmation" spam / marriott.com.reservation.lookup.viperlair.net

This fake Marriott spam leads to malware on marriott.com.reservation.lookup.viperlair.net:

Date:      Wed, 17 Jul 2013 05:12:22 -0800 [09:12:22 EDT]
From:      Marriott Hotels & Resorts Reservation [reservations@clients.marriottmail.org]
Reply-To:      reservations@clients.marriottmail.org
Subject:      Houston Marriott Westchase Reservation Confirmation #86903601

Marriott Hotels & Resorts Houston Marriott Westchase 2900 Briarpark Dr.,
Houston, Texas 77042 USA Phone: 1-713-978-7400 Fax: 1-713-735-2726
Reservation for [redacted]

    Confirmation Number: 86903601
    Check-in: Sunday, July 21, 2013 (03:00 PM)
    Check-out: Wednesday, July 24, 2013 (12:00 PM)

    Modify or Cancel reservation    

View View hotel website
Maps Maps & Transportation

Reservation Confirmation
Dear Client,

We are pleased to confirm your reservation with Marriott. Below is a summary of your booking and room information. We look forward to making your stay gratifying and memorable. When you're traveling away from home you can always count on Marriott.

Houston Marriott Westchase

Planning Your Trip

    See what's happening in Houston during your stay
    Check out some of Houston's top attractions

    Book with Hertz: Save up to 35% and Earn 500 Rewards Points
    Book Cars, Tours & More - get great rates on local tours and attractions

Reservation Details

    Confirmation Number: 86903601
    Your hotel: Houston Marriott Westchase
    Check-in: Sunday, July 21, 2013 (03:00 PM)
    Check-out: Wednesday, July 24, 2013 (12:00 PM)
    Room type: Guest room, 1 King or 2 Queen
    Number of rooms: 1
    Guests per room: 1
    Guest name: Jesus Bell
    Reservation confirmed: Wednesday, July 16, 2013 (21:55:00 GMT)
    Guarantee method: Credit card guarantee, VISA

Special request(s):

    •2 Queen Beds, Guaranteed
    •High Floor Room, Request Noted
    •I.D. Required, Request Noted

Summary of Room Charges     Cost per night per room (USD)
Sunday, July 21, 2013 - Wednesday, July 24, 2013 ( 3 nights=20 )     109.43
Govt/military rate, federal government ID required    
Estimated government taxes and fees     18.53
Total for stay (for all rooms)     469.89

    Complimentary on-site parking
    Valet parking, fee: 14 USD daily
    Changes in taxes or fees implemented after booking will affect the total room price.

You may modify or cancel your reservation online (see details below), or call our worldwide telephone numbers.

Contact us if you have questions about your reservation.
Canceling Your Reservation

    You may cancel your reservation for no charge until Friday, July 19, 2013 (1 day[s] before arrival).

    Please note that we will assess a fee of 127.53 USD if you must cancel after this deadline.

    If you have made a prepayment, we will retain all or part of your prepayment. If not, we will charge your credit card.

Modifying Your Reservation

    Please note that a change in the length or dates of your reservation may result in a rate change.
    Please be prepared to show proof of eligibility for your rate (such as a membership card, corporate or government identification card, or proof of your age).

Rewards Account Information
Your Rewards level: Silver
Your Rewards number: 642268841

As a Silver Elite member, you can enjoy the following benefits during your stay (may vary by hotel):
20% Bonus on your Marriott Rewards base points
Priority Late Checkout
Guaranteed Room Type

Sign in to view account

    Sign up for eFolio to receive your hotel bill by email after each stay in the USA and Canada.
    Plan events, earn rewards with Rewarding Events.

50,000 Bonus Points    
50,000 Bonus Points

Earn 50,000 Bonus Points and an Annual Free Night with No Annual Fee the First Year. More Rewards, Faster with the Marriott Rewards Premier Credit Card.

Learn More and Apply

Travel Alerts

    Download the Marriott Mobile App. The Perfect Travel CompanionTM
    Please Note: All Marriott hotels in the USA and Canada, are committed to a smoke-free policy.
    Learn more
    The Responsible Tourist and Traveler
    A practical guide to help you make your trip an enriching experience

Look No Further
You've received the best possible rate - guaranteed.

Privacy, Authenticity and Opting Out

Your privacy is important to us. Please visit our Privacy Statement for full details.

This email confirmation is an auto-generated message. Replies to automated messages are not monitored. Our Internet Customer Care team is available to assist you 24 hours per day, 7 days per week. Contact Internet Customer Care.

Promotional email unsubscribe

If you provided us with your email address for the first time, we will send you a follow-up email to welcome you. We will also send you periodic emails with information about your account balance, member status, special offers and promotions. An opt-out link will be included in each of these emails so that you can change your mind at any time.
If you would prefer to opt out of such emails from Marriott International, Marriott Rewards or The Ritz-Carlton Rewards, you may do so here. In addition, you may unsubscribe from The Ritz-Carlton email community here

Please note: Should you unsubscribe from promotional email, we will continue to send messages for transactions such as reservation confirmation, point redemption, etc.

Confirmation Authenticity

We're sending you this confirmation notice electronically for your convenience. Marriott keeps an official record of all electronic reservations. We honor our official record only and will disregard any alterations to this confirmation that may have been made after we sent it to you.

If you have received this email in error, please let us know.
Terms of Use::Internet Privacy Statement

©1996-2013 Marriott International, Inc. All rights reserved. Marriott proprietary information.

The link in the email goes through a legitimate hacked site and lands on [donotclick]marriott.com.reservation.lookup.viperlair.net/news/marriott-ebill-order-confirmation.php (report here) hosted on  the following IPs:

viperlair.net is registered with fake WHOIS details that mark it out as belonging to the Amerika gang:

      miguel villegas
      15003 Elkhorn Dr
      FONTANA, CA 92336-5517
      Phone: +1.9098998422
      Email: shanghaiherald32@yahoo.com (Softlayer, US) (Chunghwa Telecom, Taiwan) (Razor Inc, US)

Recommended blocklist:


colbran said...

Just got this email and did a google search and your site came up. Thanks for the heads up! I wasn't going to click on anything, but it certainly looks legit and appears as though Marriott needs a phone call. Thanks again!

Unknown said...

Lucky clicked it while on mobile and was redirected to their mobile site. Lucky me. Thanks for the heads up!

Unknown said...

I just got this message too, from the domain storenex.com which I looked up and found is out of Bangladesh. Not going to click on any links here!

Dontblogmuch said...

Got the same email...went to the legit Marriott site and searched the confirmation #. obviously wasn't a valid number.

Junebug said...

Got this email too. Looked up the phone number on Marriott's site (didn't click link). The phone is on a constant busy signal... THanks for posting this so we didn't keep trying to call all day ;)

Susan said...
This comment has been removed by the author.
Unknown said...

Mr. Nelson, I did the same thing on my mobile phone. Does anyone think this will be a problem, especially for Android devices?

Patricia said...

Can someone tell how this was done? Is this a XSS attack?

Cbrady said...

I just got this email and tried to reply to it to inquire to what it was about. Of course my reply was returned. Now my question is being I'm a "computer dummy" will doing that or me clicking the "contact us" link which is how I ultimately ended up here cause any sort of a virus on my WORK email address? Should I alert my IT guy and let him know this is a possible problem?
Thanks for any help or advise someone can offer!

Conrad Longmore said...

The exploit kit only works on Windows PCs as far as I am aware.

Conrad Longmore said...

@Cbrady: replying to the message is harmless. Clicking on the link less so, although infection is not guaranteed. Probably best to give IT the heads up just in case.