Sponsor Message:
Civil Aviation Forum
My Starred Topics | Profile | New Topic | Forum Index | Help | Search 
Today I Got Malware/trojan With My Ryanair Eticket  
User currently offlinePs76 From , joined Dec 1969, posts, RR:
Posted (2 years 10 months 1 week 3 days 16 hours ago) and read 10302 times:

Hi!

Just want to say first I don't intend for this to be a Ryanair bashing thread! I actually quite like Ryanair. They fly to some interesting smaller destinations in Europe and their fares are still cheaper than anyone else if you book in advance and don't have any checked luggage. But today I booked a flight from London Gatwick to Dublin on the 6th September and when I opened up the confirmation email it had a trojan in it. It was one of the "you PC is infected with viruses please buy this software" type of malware. I'm pretty sure it came from the email as the first time I opened it up it took ages and infected a hotel's PC where I was at the time and then when I got home I opened it up again (stupidly) and the exact same thing happened. The PC was properly infected and required a reboot in safe mode and then a scan with Malwarebytes anti-malware to fix it. So do you think someone hacked into the Ryanair website and started putting trojans in their e-tickets. Seems pretty hard to believe that a major company like Ryanair could be hacked in this way. I didn't send them an email because they're probably too busy to be dealing with my problems but just thought I would share the information so people can be aware in the future.

Any thoughts welcome.

Many thanks for reading,

Pierre

34 replies: All unread, showing first 25:
 
User currently offlineGingerSnap From United Kingdom, joined Aug 2010, 892 posts, RR: 5
Reply 1, posted (2 years 10 months 1 week 3 days 15 hours ago) and read 10240 times:

How much did they charge for the trojan?

Sorry it was going to be said.



Flown on: A306 A319/20/21 A332 B732/3/4/5/7/8 B742/4 B752 B762/3 B772/W C152 E195 F70/100 MD-82 Q400
User currently offlinenoelg From , joined Dec 1969, posts, RR:
Reply 2, posted (2 years 10 months 1 week 3 days 15 hours ago) and read 10237 times:

I think this was more likely an issue with the hotel's PC than with Ryanair's email.

Ryanair don't send any attachments with their confirmations - it's just a plain email (not even any images, at least the last time we booked).

You do not get a virus via email without running something, even if you did your AV would pick it up (if up to date of course and not a zero hour exploit of course).


User currently offlinecbphoto From United States of America, joined Dec 2003, 1548 posts, RR: 6
Reply 3, posted (2 years 10 months 1 week 3 days 15 hours ago) and read 10220 times:

Nah..just another user fee in the works. "For an additional 10 EU, your e-ticket will be guaranteed virus free!" All jokes aside, you might want to contact Ryanair technical support and talk to them about it. Non the less, that sucks!


ETOPS: Engines Turning or Passengers Swimming
User currently offlinekl911 From Ireland, joined Jul 2003, 5085 posts, RR: 12
Reply 4, posted (2 years 10 months 1 week 3 days 15 hours ago) and read 10120 times:

Quoting noelg (Reply 2):
I think this was more likely an issue with the hotel's PC than with Ryanair's email.

Ryanair don't send any attachments with their confirmations - it's just a plain email (not even any images, at least the last time we booked).

You do not get a virus via email without running something, even if you did your AV would pick it up (if up to date of course and not a zero hour exploit of course).

True, this has nothing to do with Ryanair.



Next trip : DUB-AUH-CGK-DPS-KUL-AUH-CDG-ORK :-)
User currently offlineflyingbird From Sweden, joined Mar 2005, 162 posts, RR: 0
Reply 5, posted (2 years 10 months 1 week 3 days 15 hours ago) and read 10088 times:

IF there is a virus attached to an e-mail, you have to RUN the file/virus to activate it. A virus that hasn't been activated/executed (double clicked) is completely harmless. Most mailservers/mail clients blocks all .exe files and other files that can be executed, so the risk getting a virus, just by opening an e-mail is close to 0 (zero).

User currently offlineMir From United States of America, joined Jan 2004, 21129 posts, RR: 56
Reply 6, posted (2 years 10 months 1 week 3 days 15 hours ago) and read 10036 times:

Quoting noelg (Reply 2):
I think this was more likely an issue with the hotel's PC than with Ryanair's email.

That doesn't explain how it would happen on both the hotel's PC and his own PC, though.

-Mir



7 billion, one nation, imagination...it's a beautiful day
User currently offlinePs76 From , joined Dec 1969, posts, RR:
Reply 7, posted (2 years 10 months 1 week 3 days 15 hours ago) and read 9992 times:

Hi!

Many thanks for the replies. Maybe I'm wrong with the fact that a trojan could be embedded in a simple email but I am pretty sure I got the same issue after opening the email on two different computers. One thing I noticed is that when I opened the email it took a long time and Java started up. When it happened on my home Vista PC Vista did say that a program wants to start and of course I said no but I was already infected. I must add that I stupidly do not use any antivirus on my home PC. I'm a flightsimmer and I get scared that antivirus will reduce my precious FPS in FSX! Anyway it could well be that it had nothing to do with Ryanair and you're right their email is very basic without even any graphics. I deleted the email though and of course it won't put me off flying them. Thankfully their 737-800's don't use Microsoft technology!

Pierre


User currently offlineWoof From , joined Dec 1969, posts, RR:
Reply 8, posted (2 years 10 months 1 week 3 days 15 hours ago) and read 9952 times:

Quoting flyingbird (Reply 5):
IF there is a virus attached to an e-mail, you have to RUN the file/virus to activate it. A virus that hasn't been activated/executed (double clicked) is completely harmless. Most mailservers/mail clients blocks all .exe files and other files that can be executed, so the risk getting a virus, just by opening an e-mail is close to 0 (zero).

Unfortunately that's not quite true any more, unless the email was in plain text (which is unlikely).

Most emails are now HTML, and rather than embedding images etc in the email (which would cause them to be much larger and take much longer to send), they will contain tags to download content on the fly. This content could quite easily contain malware. It also contains tracking info.

Most decent email clients (such as Outlook and even Hotmail) do not automatically download this content.


User currently offlinedc9northwest From Switzerland, joined Feb 2007, 2207 posts, RR: 7
Reply 9, posted (2 years 10 months 1 week 3 days 14 hours ago) and read 9906 times:

Wait, Ryanair gave you something without charging you? I can't believe that. Expect an extra 10 quid charged to your credit card for "computer accessories".

I'm joking. But I sincerely doubt that Ryanair would knowingly do such a thing... Unless they want everyone to use the airport check-in so they can make some extra cash.

I'm afraid that running windows will mean that you'll get a virus at some point. I always seemed to get a damaging one a year until I switched. Norton AV did help though.


User currently offlineha763 From United States of America, joined Jan 2003, 3601 posts, RR: 6
Reply 10, posted (2 years 10 months 1 week 3 days 13 hours ago) and read 9456 times:
Support Airliners.net - become a First Class Member!

Quoting Ps76 (Reply 7):

What do you use to access your email?

I'm pretty sure it may have something to do with ads. I got the same thing on my netbook when I was downloading anime from a trusted source, while on vacation. The file was uploaded on a file hosting site, which has ads for free access.


User currently offlineFly2HMO From , joined Dec 1969, posts, RR:
Reply 11, posted (2 years 10 months 1 week 3 days 13 hours ago) and read 9417 times:

Quoting ha763 (Reply 17):


I'm pretty sure it may have something to do with ads

Either that, or a USB jump drive between the two


User currently offlineAirNZ From , joined Dec 1969, posts, RR:
Reply 12, posted (2 years 10 months 1 week 3 days 12 hours ago) and read 9287 times:

Quoting cbphoto (Reply 3):
All jokes aside, you might want to contact Ryanair technical support and talk to them about it

Why if I can ask, or how would you expect Ryanair Tech Support to help? The posters virus did not originate with Ryanair as no attachment was involved in the email, thus nothing to carry a virus.

Quoting Ps76 (Thread starter):
So do you think someone hacked into the Ryanair website and started putting trojans in their e-tickets.

Nope, because if so it would have brought their system down......they couldn't possibly use it to send e-tickets with a virus, and you can bet your life they'd have known about it within minutes.

Quoting dumbell2424 (Reply 15):
The same exact thing on two different computers after performing identical tasks?

Well, that's actually the bit that makes absolutely no sense at all.

As a matter of interest, an e-ticket wasn't opened.......because there's physically no such thing. What the poster received, as anyone does, was a booking confirmation (an -e-ticket is permanently stored in the airline reservation system and never leaves it). Amazes me how so many 'enthusiasts' on a.net can't seem to grasp that.


User currently offlinedumbell2424 From United States of America, joined Apr 2009, 867 posts, RR: 2
Reply 13, posted (2 years 10 months 1 week 3 days 11 hours ago) and read 9185 times:
Support Airliners.net - become a First Class Member!

After thinking about this for a bit, could it be a fake email that is infested? Say they targeted people and just guessed they'd be flying Ryanair.

User currently offlineFWAERJ From United States of America, joined Jun 2006, 3643 posts, RR: 2
Reply 14, posted (2 years 10 months 1 week 3 days 10 hours ago) and read 9048 times:

Quoting dumbell2424 (Reply 20):

After thinking about this for a bit, could it be a fake email that is infested? Say they targeted people and just guessed they'd be flying Ryanair.

Some airlines in the US have been hit by such attacks, DL being one of them.

http://www.allspammedup.com/2009/03/...hing-scam-exploits-delta-airlines/



I don't work for FWA, their tenants, or their ad agency. But I still love FWA.
User currently offlinePs76 From , joined Dec 1969, posts, RR:
Reply 15, posted (2 years 10 months 1 week 3 days 10 hours ago) and read 9030 times:

Hi!

Many thanks for the replies. I'm thinking now maybe it might have been somehow attached to the email from another source? I too find it hard to believe that a company as big as Ryanair would be sending out emails with trojans in them. I also don't know how it got onto the PC's without running an exe file but it has definitely happened before for me with these "Your PC is infected" scams getting onto our PC's. The good thing is that Ryanair allow you to look up your booking without the reference number and just having the date and email address and origin and destination airports. I shall go in September and will endeavor to write a trip report!

Many thanks,

Pierre


User currently offlineKFlyer From Sri Lanka, joined Mar 2007, 1226 posts, RR: 0
Reply 16, posted (2 years 10 months 1 week 3 days 9 hours ago) and read 8951 times:

The best thing that the OP could do is viewing the 'Original message' of the email -ie, the hardcoded HTML. If you deleted it, it could still be in one of the trash folders.
And if you do not use an AV, how really did you get a 'virus infected' notice ? Couldn't you have just opened an ad from some AV provider both times ?
I have never bought any tickets from FR, so I don't know, but it sounds odd if an airline will attach a Java file to a ticket confirmation. And if you were using GMail on web, your email is automatically scanned for email and IIRC, .exe are not opened.
There is no way that some other source could attach something to the email unless FR's MX servers are hacked - which is a big deal.
Finally, I suggest that you start using Microsoft Security Essentials, which is free and is known to catch some malware that even the premium AVs cannot.

[Edited 2011-06-18 19:15:17]


The opinions above are solely my own and do not express those of my employers or clients.
User currently offlinedumbell2424 From United States of America, joined Apr 2009, 867 posts, RR: 2
Reply 17, posted (2 years 10 months 1 week 3 days 9 hours ago) and read 8942 times:
Support Airliners.net - become a First Class Member!

Quoting Ps76 (Reply 22):

Can we get a full copy of the email?


User currently offlinebrons2 From United States of America, joined Sep 2001, 2991 posts, RR: 5
Reply 18, posted (2 years 10 months 1 week 3 days 8 hours ago) and read 8797 times:

Perhaps he uses a Webmail client and the malware was received through some ad in that client?


Firings, if well done, are good for employee morale.
User currently offlineha763 From United States of America, joined Jan 2003, 3601 posts, RR: 6
Reply 19, posted (2 years 10 months 1 week 3 days 4 hours ago) and read 8289 times:
Support Airliners.net - become a First Class Member!

Quoting KFlyer (Reply 23):
And if you do not use an AV, how really did you get a 'virus infected' notice ? Couldn't you have just opened an ad from some AV provider both times ?

It pops up under various names, but this is what he got:

http://www.bleepingcomputer.com/viru...emove-win-7-internet-security-2011

Quoting brons2 (Reply 25):
Perhaps he uses a Webmail client and the malware was received through some ad in that client?

That is what I am thinking. I'm pretty sure my netbook got infected via an ad on a file hosting site.


User currently offlineAirNZ From , joined Dec 1969, posts, RR:
Reply 20, posted (2 years 10 months 1 week 3 days 1 hour ago) and read 6560 times:

Quoting dumbell2424 (Reply 17):
Can we get a full copy of the email?

Hmmm, why would you want a copy of an infected email sent to you....for what purpose, or why would you want to open it?

Quoting dumbell2424 (Reply 13):
After thinking about this for a bit, could it be a fake email that is infested? Say they targeted people and just guessed they'd be flying Ryanair.

I don't quite get your reasoning on that though. The poster made a booking and duly received the Confirmation within seconds. In which case how do you reason that a scammer 'targeted people and just guessed they'd be flying Ryanair'??? Indeed, are you saying that you, yourself, would open an email you suddenly received confirming a booking which you know you never made?


User currently offlinenuckleuz From Netherlands, joined Dec 2005, 55 posts, RR: 0
Reply 21, posted (2 years 10 months 1 week 3 days ago) and read 6281 times:

Quoting AirNZ (Reply 20):
Indeed, are you saying that you, yourself, would open an email you suddenly received confirming a booking which you know you never made?

I once got a confirmation of a couple of flights I didn't book with Ryanair. When I checked the name I saw that the person who made the booking made an error with his email adres during booking.


User currently offlineAirNZ From , joined Dec 1969, posts, RR:
Reply 22, posted (2 years 10 months 1 week 3 days ago) and read 6204 times:

Quoting nuckleuz (Reply 21):
I once got a confirmation of a couple of flights I didn't book with Ryanair. When I checked the name I saw that the person who made the booking made an error with his email adres during booking.

So are you saying someone with a same name as yourself made a booking but gave your email address (as an error), but you opened it knowing you hadn't made a booking to begin with?


User currently offlinenuckleuz From Netherlands, joined Dec 2005, 55 posts, RR: 0
Reply 23, posted (2 years 10 months 1 week 2 days 23 hours ago) and read 5873 times:

Quoting AirNZ (Reply 22):
So are you saying someone with a same name as yourself made a booking but gave your email address (as an error), but you opened it knowing you hadn't made a booking to begin with?

No, I'm not saying this person had the same name as me, but almost the same emailadress.

I opened it because I actually made a booking with Ryanair an hour before this  


User currently offlineAirNZ From , joined Dec 1969, posts, RR:
Reply 24, posted (2 years 10 months 1 week 2 days 21 hours ago) and read 4989 times:

Quoting nuckleuz (Reply 23):
No, I'm not saying this person had the same name as me, but almost the same emailadress.

I opened it because I actually made a booking with Ryanair an hour before this

Fair enough....from your post I naturally took it that you hadn't made a booking as you stated.


25 dumbell2424 : I'm saying copy of the text, including the sender information. So, we can see if this was a rogue email or legitimate Ryanair email.
26 AirNZ : But a copy of the text wouldn't show you that information to determine legitimacy.....you would need the Header/Footer and which is only on the origi
27 dumbell2424 : i.e. OP copying and pasting everything in here such as From: soandso @ yahoo To: soandso @ gmail CC: virus @ msn Date: 18 Jun 11 1:52PM Subject: Your
28 AirNZ : Yes, but you're missing my point......in copy/pasting anything can be altered (to then show what one wants to be seen). Unless you have an original e
29 dumbell2424 : And you're missing my point from reply 13. Seeing as the OP wants an answer, I doubt he would change this info.
30 AirNZ : I'm quite clear on your reply in post 13......and which, incidently, you pointedly never answered my question on! Shall I ask it again? Someone made
31 dumbell2424 : I've seen plenty of targeted spam, much like things like this. If it's not for me, I delete it, but I can see where if it did fit you, where you coul
32 AirNZ : Of course, and and certainly not even remotely denying such. However, targeted span in one thing, but you stated a scammer send in a fake email and j
33 DeltaMD90 : I used to play jokes on people a lot... you can change the address an email was sent from. It is very possible it was sent from a bad person and they
34 Ps76 : Hi! Just to say I don't think I made it up or was imagining things, although I can see why people would think that as receiving a trojan in an airline
Top Of Page
Forum Index

This topic is archived and can not be replied to any more.

Printer friendly format

Similar topics:More similar topics...
Got An Interview With Swissport! posted Wed Mar 25 2009 14:49:23 by LatinTraveller
Help Me With My Thesis :) (Part 1) posted Mon Feb 9 2009 19:20:04 by Kleinsim
I Need Help With My Business Class Business Case posted Thu Dec 27 2007 02:10:33 by Peh
I Got The Job With Comair! posted Sat Jul 21 2007 19:52:35 by SWA TPA
What To Do With My Tickets? posted Sun Jul 15 2007 09:31:04 by Vtdl
Got An Interview With Westjet. Need Help. posted Sat May 26 2007 03:05:52 by Kevin
SIA Pilot: "I Can Fly A380 With My Fingertips" posted Fri May 11 2007 08:43:51 by Scotron11
Can Somebody Help Me With My Trip To FLL? posted Tue Mar 13 2007 11:27:15 by Palladium
A Video I Made With My Favorite Music (civil Av) posted Mon Jan 22 2007 12:51:04 by Deaphen
Items Got Stolen Out Of My Suitcase @ LAX posted Fri Nov 3 2006 16:26:00 by RELAX457