Ps76 From , joined Dec 1969, posts, RR: Posted (4 years 1 month 2 weeks 22 hours ago) and read 10793 times:
Just want to say first I don't intend for this to be a Ryanair bashing thread! I actually quite like Ryanair. They fly to some interesting smaller destinations in Europe and their fares are still cheaper than anyone else if you book in advance and don't have any checked luggage. But today I booked a flight from London Gatwick to Dublin on the 6th September and when I opened up the confirmation email it had a trojan in it. It was one of the "your PC is infected with viruses please buy this software" type of malware. I'm pretty sure it came from the email as the first time I opened it up it took ages and infected a hotel's PC where I was at the time and then when I got home I opened it up again (stupidly) and the exact same thing happened. The PC was properly infected and required a reboot in safe mode and then a scan with Malwarebytes anti-malware to fix it. So do you think someone hacked into the Ryanair website and started putting trojans in their e-tickets? Seems pretty hard to believe that a major company like Ryanair could be hacked in this way. I didn't send them an email because they're probably too busy to be dealing with my problems but just thought I would share the information so people can be aware in the future.
cbphoto From United States of America, joined Dec 2003, 1638 posts, RR: 5
Reply 3, posted (4 years 1 month 2 weeks 22 hours ago) and read 10711 times:
Nah..just another user fee in the works. "For an additional 10 EU, your e-ticket will be guaranteed virus free!" All jokes aside, you might want to contact Ryanair technical support and talk to them about it. Nonetheless, that sucks!
flyingbird From Sweden, joined Mar 2005, 177 posts, RR: 0
Reply 5, posted (4 years 1 month 2 weeks 22 hours ago) and read 10579 times:
IF there is a virus attached to an e-mail, you have to RUN the file/virus to activate it. A virus that hasn't been activated/executed (double clicked) is completely harmless. Most mailservers/mail clients block all .exe files and other files that can be executed, so the risk of getting a virus just by opening an e-mail is close to 0 (zero).
Ps76 From , joined Dec 1969, posts, RR:
Reply 7, posted (4 years 1 month 2 weeks 22 hours ago) and read 10483 times:
Many thanks for the replies. Maybe I'm wrong with the fact that a trojan could be embedded in a simple email but I am pretty sure I got the same issue after opening the email on two different computers. One thing I noticed is that when I opened the email it took a long time and Java started up. When it happened on my home Vista PC, Vista did say that a program wants to start and of course I said no, but I was already infected. I must add that I stupidly do not use any antivirus on my home PC. I'm a flightsimmer and I get scared that antivirus will reduce my precious FPS in FSX! Anyway, it could well be that it had nothing to do with Ryanair and you're right, their email is very basic without even any graphics. I deleted the email though and of course it won't put me off flying them. Thankfully their 737-800s don't use Microsoft technology!
Woof From , joined Dec 1969, posts, RR:
Reply 8, posted (4 years 1 month 2 weeks 21 hours ago) and read 10443 times:
Quoting flyingbird (Reply 5): IF there is a virus attached to an e-mail, you have to RUN the file/virus to activate it. A virus that hasn't been activated/executed (double clicked) is completely harmless. Most mailservers/mail clients block all .exe files and other files that can be executed, so the risk of getting a virus just by opening an e-mail is close to 0 (zero).
Unfortunately that's not quite true any more, unless the email was in plain text (which is unlikely).
Most emails are now HTML, and rather than embedding images etc in the email (which would cause them to be much larger and take much longer to send), they will contain tags to download content on the fly. This content could quite easily contain malware. It also contains tracking info.
Most decent email clients (such as Outlook and even Hotmail) do not automatically download this content.
I'm pretty sure it may have something to do with ads. I got the same thing on my netbook when I was downloading anime from a trusted source, while on vacation. The file was uploaded on a file hosting site, which has ads for free access.
AirNZ From , joined Dec 1969, posts, RR:
Reply 12, posted (4 years 1 month 2 weeks 19 hours ago) and read 9778 times:
Quoting cbphoto (Reply 3): All jokes aside, you might want to contact Ryanair technical support and talk to them about it
Why, if I can ask, or how would you expect Ryanair Tech Support to help? The poster's virus did not originate with Ryanair as no attachment was involved in the email, thus nothing to carry a virus.
Quoting Ps76 (Thread starter): So do you think someone hacked into the Ryanair website and started putting trojans in their e-tickets.
Nope, because if so it would have brought their system down......they couldn't possibly use it to send e-tickets with a virus, and you can bet your life they'd have known about it within minutes.
Quoting dumbell2424 (Reply 15): The same exact thing on two different computers after performing identical tasks?
Well, that's actually the bit that makes absolutely no sense at all.
As a matter of interest, an e-ticket wasn't opened.......because there's physically no such thing. What the poster received, as anyone does, was a booking confirmation (an e-ticket is permanently stored in the airline reservation system and never leaves it). Amazes me how so many 'enthusiasts' on a.net can't seem to grasp that.
Ps76 From , joined Dec 1969, posts, RR:
Reply 15, posted (4 years 1 month 2 weeks 17 hours ago) and read 9521 times:
Many thanks for the replies. I'm thinking now maybe it might have been somehow attached to the email from another source? I too find it hard to believe that a company as big as Ryanair would be sending out emails with trojans in them. I also don't know how it got onto the PCs without running an exe file but it has definitely happened before for me with these "Your PC is infected" scams getting onto our PCs. The good thing is that Ryanair allow you to look up your booking without the reference number and just having the date and email address and origin and destination airports. I shall go in September and will endeavor to write a trip report!
KFlyer From Sri Lanka, joined Mar 2007, 1247 posts, RR: 0
Reply 16, posted (4 years 1 month 2 weeks 16 hours ago) and read 9442 times:
The best thing that the OP could do is viewing the 'Original message' of the email, i.e., the hardcoded HTML. If you deleted it, it could still be in one of the trash folders.
And if you do not use an AV, how really did you get a 'virus infected' notice? Couldn't you have just opened an ad from some AV provider both times?
I have never bought any tickets from FR, so I don't know, but it sounds odd if an airline will attach a Java file to a ticket confirmation. And if you were using GMail on web, your email is automatically scanned for email and IIRC, .exe are not opened.
There is no way that some other source could attach something to the email unless FR's MX servers are hacked - which is a big deal.
Finally, I suggest that you start using Microsoft Security Essentials, which is free and is known to catch some malware that even the premium AVs cannot.
[Edited 2011-06-18 19:15:17]
The opinions above are solely my own and do not express those of my employers or clients.
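Added example, not part of any post in this thread: a Python sketch of the "view the original message" check suggested above, which also covers the earlier point about HTML mail pulling in remote content. It parses a raw message source and lists attachments, URLs that load on render versus links followed only on click, and active-content tags. The sample message and every host name in it are constructed placeholders.

```python
from email import message_from_string, policy
from html.parser import HTMLParser

ACTIVE_TAGS = {"script", "iframe", "object", "embed", "applet"}
URL_ATTRS = {"src", "href", "data", "code", "codebase", "archive", "background"}
REMOTE = ("http://", "https://", "//")

# Constructed sample message; every host name below is a placeholder.
SAMPLE = """\
From: bookings@airline.example
Subject: Booking confirmation
Content-Type: text/html; charset="utf-8"

<html><body><p>Your booking is confirmed.</p>
<img src="http://tracker.example/open.gif?id=123">
<a href="https://airline.example/manage">Manage booking</a>
<applet code="Viewer.class" archive="http://cdn.example/viewer.jar"></applet>
</body></html>
"""

class HtmlAudit(HTMLParser):
    """Collect remote URLs and active-content tags from an HTML body."""
    def __init__(self):
        super().__init__()
        self.remote, self.active = [], []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.active.append(tag)
        for name, value in attrs:
            if name in URL_ATTRS and value and value.lower().startswith(REMOTE):
                # A link is fetched only on click; other tags load on render.
                kind = "link" if tag == "a" else "auto-load"
                self.remote.append((kind, tag, value))

def audit_message(raw):
    """Return attachments, remote URLs and active tags found in a raw message."""
    msg = message_from_string(raw, policy=policy.default)
    report = {"attachments": [], "remote": [], "active": []}
    for part in msg.walk():
        if part.get_filename():
            report["attachments"].append((part.get_filename(), part.get_content_type()))
        elif part.get_content_type() == "text/html":
            audit = HtmlAudit()
            audit.feed(part.get_content())
            report["remote"] += audit.remote
            report["active"] += audit.active
    return report

if __name__ == "__main__":
    print(audit_message(SAMPLE))
```

Run it on the saved source of a suspect message rather than opening the message in a mail client; an empty "auto-load" and "active" result means rendering the HTML alone would not fetch anything.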
Hmmm, why would you want a copy of an infected email sent to you....for what purpose, or why would you want to open it?
Quoting dumbell2424 (Reply 13): After thinking about this for a bit, could it be a fake email that is infested? Say they targeted people and just guessed they'd be flying Ryanair.
I don't quite get your reasoning on that though. The poster made a booking and duly received the Confirmation within seconds. In which case how do you reason that a scammer 'targeted people and just guessed they'd be flying Ryanair'??? Indeed, are you saying that you, yourself, would open an email you suddenly received confirming a booking which you know you never made?
AirNZ From , joined Dec 1969, posts, RR:
Reply 22, posted (4 years 1 month 2 weeks 7 hours ago) and read 6695 times:
Quoting nuckleuz (Reply 21): I once got a confirmation of a couple of flights I didn't book with Ryanair. When I checked the name I saw that the person who made the booking made an error with his email address during booking.
So are you saying someone with the same name as yourself made a booking but gave your email address (as an error), but you opened it knowing you hadn't made a booking to begin with?
nuckleuz From Netherlands, joined Dec 2005, 116 posts, RR: 0
Reply 23, posted (4 years 1 month 2 weeks 6 hours ago) and read 6364 times:
Quoting AirNZ (Reply 22): So are you saying someone with the same name as yourself made a booking but gave your email address (as an error), but you opened it knowing you hadn't made a booking to begin with?
No, I'm not saying this person had the same name as me, but almost the same email address.
I opened it because I actually made a booking with Ryanair an hour before this