Alarm sounded over Peter Pan panto malware
Phishing scam dupes victims over panto ticket claims
Firms have been warned not to open an email claiming to contain tickets for a Peter Pan pantomime in Bournemouth.
The email is targeted at SMBs and purports to confirm a ticket order from a genuine company, BH Live.
However, the email does not come from the company and carries an attachment containing malware.
The email is titled "Confirmation of Order" and urges the recipient to click on an attachment to print their tickets, which have been charged at 145.
The attachment then tries to install malware on a target machine, including a cryptolocker as well as other malware designed to sniff out highly sensitive information such as usernames and passwords. The malware is thought to be almost undetectable by current anti-virus software.
According to research carried out by IT security firm ThreatExpert, the malware tries to contact servers in France and Belarus.
Derek Knight, who runs security blog My Online Security, said the emails have random order numbers in the subject and the zip malware file has the same number as the order number.
"All of these emails use social engineering tricks to persuade you to open the attachments that come with the email," he said.
"Be very careful when unzipping them and make sure you have 'show known file extensions' enabled, and then look carefully at the unzipped file. If it says .EXE then it is a problem and should not be run or opened," he added.
A statement issued on the website of the Bournemouth Pavilion said: "Emails have been sent to a number of recipients purporting to be from BH Live. Initial investigations suggest that emails did not originate from BH Live's systems or network. Please do not open any attachment or click any links. We will post updates via our website and social media. We apologise for any inconvenience."
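The extension check Knight describes can be made on a mail gateway or analyst workstation without unzipping anything. The Python below is an added example, not code from the article or from My Online Security; it lists the members of each zip attachment and flags executable extensions, and notes whether the zip is named after a number in the subject line. The sample message, order number, addresses and extension list are constructed assumptions.

```python
import io, os, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs on double-click (illustrative list, not exhaustive).
RISKY = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}

def risky_members(zip_bytes):
    """Names of archive members whose final extension is executable (no extraction)."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [n for n in zf.namelist() if os.path.splitext(n)[1].lower() in RISKY]

def triage(raw_message):
    """Return one finding per zip attachment in a raw RFC 5322 message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    subject_numbers = set(re.findall(r"\d{4,}", msg["Subject"] or ""))
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        try:
            members = risky_members(part.get_payload(decode=True))
        except zipfile.BadZipFile:
            findings.append({"attachment": name, "error": "not a valid zip"})
            continue
        findings.append({
            "attachment": name,
            "executables": members,
            # Lure trait reported in the article: zip named after the order number.
            "name_matches_subject": bool(subject_numbers & set(re.findall(r"\d{4,}", name))),
        })
    return findings

def build_sample():
    """Constructed sample message; the 'executable' is harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("1234567.pdf.exe", b"placeholder")  # shows as .pdf if extensions are hidden
        zf.writestr("readme.txt", b"placeholder")
    msg = EmailMessage()
    msg["Subject"] = "Confirmation of Order 1234567"
    msg["From"] = "orders@example.invalid"
    msg["To"] = "user@example.invalid"
    msg.set_content("Please print your tickets.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="1234567.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample()))
```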