Received this email in my junk-mail today.
——–
Dear Customer,
Your order has been successfully processed.
FLIGHT NUMBER US74973WS
ELECTRONIC 847201873
DATE & TIME / DEC 6, 2012, 11:22 AM
ARRIVING / New York
TOTAL PRICE / 389.33 USD
Please download and print your ticket from the following URL : https://www.aa.com/travelInform [. . .]
For more information regarding your order, contact us by visiting : https://www.aa.com/contactAA/viewContactAAAc[ . . . ]
Thank you
America Airlines.
——–
This thing looked so legit yet the ACTUAL link refers to double-u. Being cautious I went to my blackberry phone and loaded up the site. It leads to a blank website with message saying “It Works! …”. This is the default message when setting up an Apache2 server. When I loaded the same page on my Chrome browser, my antivirus program ticked off. Yes, the site is infected with a virus.
Two possibilities:
1) The hacker owns the domain www.air-canada [dot] org (WARNING: DO NOT ENTER SITE) and created a mass spam email linking back to his site, which redirects to his little server at home containing the virus.
2) The owner of the site has no idea what’s going on. His/her account may have been compromised by a hacker such that the DNS was changed to redirect to the hacker’s little server at home, containing the virus.
Bottom line
Be wary of emails you receive and never, EVER, click into a link in an unsolicited email even if it appears to be legit. Instead, MOUSE-OVER the link and verify the TRUE link at the bottom of your browser. DISCARD IMMEDIATELY if it seems highly suspicious. IF you must, use your tablet/phone/etc to open the link and verify content. These devices are usually not targets of viruses, YET. With a great degree of saturation of Tablets on the market right now, viral outbreaks in these devices is still in its infancy.
EOM