Scam Emails:
Booking Confirmation from

News from Omniquad | June 28, 2012

Fraudulent emails from – beware of this scam, emails contain malicious code.

The holiday season is upon us, and people are making hotel reservations, many opting to book from places such as, Expedia or, legitimate sites for finding accommodation over the holidays.

The malicious emails in this threat outbreak claim to be from informing the victim that their hotel booking has been confirmed and that the booking information is attached. The text in the e-mail message body instructs the recipient to open the attachment to look at the document. But beware, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the user’s system with malicious code. The zipped attachment in the email is a Trojan.

The following text is a sample of the e-mail message that is associated with this threat outbreak:

Subject: Hotel booking reservation
Date: Tue, 26 June 2012 17:56:39 + 0800


We have received a reservation for your hotel.

Please refer to attached file now to acknowledge the reservation and see the reservation details:

Arrival: Friday 06 July 2012 Number of rooms: 1

If you have any questions regarding this reservation, please feel free to contact us. Telephone: English support xxxxxxxxxxxxxx, Spanish support 1

Yours sincerely,

Picture: Fraudulent email purporting to be from

Don’t fall victim this scam. The email is fake. The attachment is not your, or anybody’s reservation, but a vehicle to install malicious code on your system.

Technical Insight into this Trojan.