Ps76 From , joined Dec 1969, posts, RR: Posted (1 year 11 months 5 days 6 hours ago) and read 9789 times:
Hi!
Just want to say first I don't intend for this to be a Ryanair bashing thread! I actually quite like Ryanair. They fly to some interesting smaller destinations in Europe and their fares are still cheaper than anyone else if you book in advance and don't have any checked luggage. But today I booked a flight from London Gatwick to Dublin on the 6th September and when I opened up the confirmation email it had a trojan in it. It was one of the "you PC is infected with viruses please buy this software" type of malware. I'm pretty sure it came from the email as the first time I opened it up it took ages and infected a hotel's PC where I was at the time and then when I got home I opened it up again (stupidly) and the exact same thing happened. The PC was properly infected and required a reboot in safe mode and then a scan with Malwarebytes anti-malware to fix it. So do you think someone hacked into the Ryanair website and started putting trojans in their e-tickets. Seems pretty hard to believe that a major company like Ryanair could be hacked in this way. I didn't send them an email because they're probably too busy to be dealing with my problems but just thought I would share the information so people can be aware in the future.
noelg From , joined Dec 1969, posts, RR: Reply 2, posted (1 year 11 months 5 days 6 hours ago) and read 9724 times:
I think this was more likely an issue with the hotel's PC than with Ryanair's email.
Ryanair don't send any attachments with their confirmations - it's just a plain email (not even any images, at least the last time we booked).
You do not get a virus via email without running something, even if you did your AV would pick it up (if up to date of course and not a zero hour exploit of course).
cbphoto From United States of America, joined Dec 2003, 1506 posts, RR: 6 Reply 3, posted (1 year 11 months 5 days 6 hours ago) and read 9707 times:
Nah..just another user fee in the works. "For an additional 10 EU, your e-ticket will be guaranteed virus free!" All jokes aside, you might want to contact Ryanair technical support and talk to them about it. Non the less, that sucks!
kl911 From Ireland, joined Jul 2003, 4974 posts, RR: 14 Reply 4, posted (1 year 11 months 5 days 5 hours ago) and read 9607 times:
Quoting noelg (Reply 2): I think this was more likely an issue with the hotel's PC than with Ryanair's email.
Ryanair don't send any attachments with their confirmations - it's just a plain email (not even any images, at least the last time we booked).
You do not get a virus via email without running something, even if you did your AV would pick it up (if up to date of course and not a zero hour exploit of course).
True, this has nothing to do with Ryanair.
" The European consumer would crawl naked over broken glass to get low fares." Michael O'Leary
flyingbird From Sweden, joined Mar 2005, 150 posts, RR: 0 Reply 5, posted (1 year 11 months 5 days 5 hours ago) and read 9575 times:
IF there is a virus attached to an e-mail, you have to RUN the file/virus to activate it. A virus that hasn't been activated/executed (double clicked) is completely harmless. Most mailservers/mail clients blocks all .exe files and other files that can be executed, so the risk getting a virus, just by opening an e-mail is close to 0 (zero).
Ps76 From , joined Dec 1969, posts, RR: Reply 7, posted (1 year 11 months 5 days 5 hours ago) and read 9479 times:
Hi!
Many thanks for the replies. Maybe I'm wrong with the fact that a trojan could be embedded in a simple email but I am pretty sure I got the same issue after opening the email on two different computers. One thing I noticed is that when I opened the email it took a long time and Java started up. When it happened on my home Vista PC Vista did say that a program wants to start and of course I said no but I was already infected. I must add that I stupidly do not use any antivirus on my home PC. I'm a flightsimmer and I get scared that antivirus will reduce my precious FPS in FSX! Anyway it could well be that it had nothing to do with Ryanair and you're right their email is very basic without even any graphics. I deleted the email though and of course it won't put me off flying them. Thankfully their 737-800's don't use Microsoft technology!
Woof From , joined Dec 1969, posts, RR: Reply 8, posted (1 year 11 months 5 days 5 hours ago) and read 9439 times:
Quoting flyingbird (Reply 5): IF there is a virus attached to an e-mail, you have to RUN the file/virus to activate it. A virus that hasn't been activated/executed (double clicked) is completely harmless. Most mailservers/mail clients blocks all .exe files and other files that can be executed, so the risk getting a virus, just by opening an e-mail is close to 0 (zero).
Unfortunately that's not quite true any more, unless the email was in plain text (which is unlikely).
Most emails are now HTML, and rather than embedding images etc in the email (which would cause them to be much larger and take much longer to send), they will contain tags to download content on the fly. This content could quite easily contain malware. It also contains tracking info.
Most decent email clients (such as Outlook and even Hotmail) do not automatically download this content.
dc9northwest From Romania, joined Feb 2007, 1734 posts, RR: 4 Reply 9, posted (1 year 11 months 5 days 5 hours ago) and read 9393 times:
Wait, Ryanair gave you something without charging you? I can't believe that. Expect an extra 10 quid charged to your credit card for "computer accessories".
I'm joking. But I sincerely doubt that Ryanair would knowingly do such a thing... Unless they want everyone to use the airport check-in so they can make some extra cash.
I'm afraid that running windows will mean that you'll get a virus at some point. I always seemed to get a damaging one a year until I switched. Norton AV did help though.
I'm pretty sure it may have something to do with ads. I got the same thing on my netbook when I was downloading anime from a trusted source, while on vacation. The file was uploaded on a file hosting site, which has ads for free access.
AirNZ From , joined Dec 1969, posts, RR: Reply 12, posted (1 year 11 months 5 days 3 hours ago) and read 8774 times:
Quoting cbphoto (Reply 3): All jokes aside, you might want to contact Ryanair technical support and talk to them about it
Why if I can ask, or how would you expect Ryanair Tech Support to help? The posters virus did not originate with Ryanair as no attachment was involved in the email, thus nothing to carry a virus.
Quoting Ps76 (Thread starter): So do you think someone hacked into the Ryanair website and started putting trojans in their e-tickets.
Nope, because if so it would have brought their system down......they couldn't possibly use it to send e-tickets with a virus, and you can bet your life they'd have known about it within minutes.
Quoting dumbell2424 (Reply 15): The same exact thing on two different computers after performing identical tasks?
Well, that's actually the bit that makes absolutely no sense at all.
As a matter of interest, an e-ticket wasn't opened.......because there's physically no such thing. What the poster received, as anyone does, was a booking confirmation (an -e-ticket is permanently stored in the airline reservation system and never leaves it). Amazes me how so many 'enthusiasts' on a.net can't seem to grasp that.
dumbell2424 From United States of America, joined Apr 2009, 791 posts, RR: 2 Reply 13, posted (1 year 11 months 5 days 1 hour ago) and read 8672 times:
After thinking about this for a bit, could it be a fake email that is infested? Say they targeted people and just guessed they'd be flying Ryanair.
FWAERJ From United States of America, joined Jun 2006, 3170 posts, RR: 1 Reply 14, posted (1 year 11 months 5 days 1 hour ago) and read 8535 times:
Quoting dumbell2424 (Reply 20):
After thinking about this for a bit, could it be a fake email that is infested? Say they targeted people and just guessed they'd be flying Ryanair.
Some airlines in the US have been hit by such attacks, DL being one of them.
Ps76 From , joined Dec 1969, posts, RR: Reply 15, posted (1 year 11 months 5 days ago) and read 8517 times:
Hi!
Many thanks for the replies. I'm thinking now maybe it might have been somehow attached to the email from another source? I too find it hard to believe that a company as big as Ryanair would be sending out emails with trojans in them. I also don't know how it got onto the PC's without running an exe file but it has definitely happened before for me with these "Your PC is infected" scams getting onto our PC's. The good thing is that Ryanair allow you to look up your booking without the reference number and just having the date and email address and origin and destination airports. I shall go in September and will endeavor to write a trip report!
KFlyer From Sri Lanka, joined Mar 2007, 1208 posts, RR: 0 Reply 16, posted (1 year 11 months 5 days ago) and read 8438 times:
The best thing that the OP could do is viewing the 'Original message' of the email -ie, the hardcoded HTML. If you deleted it, it could still be in one of the trash folders.
And if you do not use an AV, how really did you get a 'virus infected' notice ? Couldn't you have just opened an ad from some AV provider both times ?
I have never bought any tickets from FR, so I don't know, but it sounds odd if an airline will attach a Java file to a ticket confirmation. And if you were using GMail on web, your email is automatically scanned for email and IIRC, .exe are not opened.
There is no way that some other source could attach something to the email unless FR's MX servers are hacked - which is a big deal.
Finally, I suggest that you start using Microsoft Security Essentials, which is free and is known to catch some malware that even the premium AVs cannot.
[Edited 2011-06-18 19:15:17]
The opinions above are solely my own and do not express those of my employers or clients.
ha763 From United States of America, joined Jan 2003, 3492 posts, RR: 6 Reply 19, posted (1 year 11 months 4 days 19 hours ago) and read 7776 times:
Quoting KFlyer (Reply 23): And if you do not use an AV, how really did you get a 'virus infected' notice ? Couldn't you have just opened an ad from some AV provider both times ?
It pops up under various names, but this is what he got:
Hmmm, why would you want a copy of an infected email sent to you....for what purpose, or why would you want to open it?
Quoting dumbell2424 (Reply 13): After thinking about this for a bit, could it be a fake email that is infested? Say they targeted people and just guessed they'd be flying Ryanair.
I don't quite get your reasoning on that though. The poster made a booking and duly received the Confirmation within seconds. In which case how do you reason that a scammer 'targeted people and just guessed they'd be flying Ryanair'??? Indeed, are you saying that you, yourself, would open an email you suddenly received confirming a booking which you know you never made?
nuckleuz From Netherlands, joined Dec 2005, 49 posts, RR: 0 Reply 21, posted (1 year 11 months 4 days 14 hours ago) and read 5768 times:
Quoting AirNZ (Reply 20): Indeed, are you saying that you, yourself, would open an email you suddenly received confirming a booking which you know you never made?
I once got a confirmation of a couple of flights I didn't book with Ryanair. When I checked the name I saw that the person who made the booking made an error with his email adres during booking.
AirNZ From , joined Dec 1969, posts, RR: Reply 22, posted (1 year 11 months 4 days 14 hours ago) and read 5691 times:
Quoting nuckleuz (Reply 21): I once got a confirmation of a couple of flights I didn't book with Ryanair. When I checked the name I saw that the person who made the booking made an error with his email adres during booking.
So are you saying someone with a same name as yourself made a booking but gave your email address (as an error), but you opened it knowing you hadn't made a booking to begin with?
nuckleuz From Netherlands, joined Dec 2005, 49 posts, RR: 0 Reply 23, posted (1 year 11 months 4 days 14 hours ago) and read 5360 times:
Quoting AirNZ (Reply 22): So are you saying someone with a same name as yourself made a booking but gave your email address (as an error), but you opened it knowing you hadn't made a booking to begin with?
No, I'm not saying this person had the same name as me, but almost the same emailadress.
I opened it because I actually made a booking with Ryanair an hour before this
AirNZ From , joined Dec 1969, posts, RR: Reply 24, posted (1 year 11 months 4 days 11 hours ago) and read 4476 times:
Quoting nuckleuz (Reply 23): No, I'm not saying this person had the same name as me, but almost the same emailadress.
I opened it because I actually made a booking with Ryanair an hour before this
Fair enough....from your post I naturally took it that you hadn't made a booking as you stated.
25 dumbell2424: I'm saying copy of the text, including the sender information. So, we can see if this was a rogue email or legitimate Ryanair email.
26 AirNZ: But a copy of the text wouldn't show you that information to determine legitimacy.....you would need the Header/Footer and which is only on the origi
27 dumbell2424: i.e. OP copying and pasting everything in here such as From: soandso @ yahoo To: soandso @ gmail CC: virus @ msn Date: 18 Jun 11 1:52PM Subject: Your
28 AirNZ: Yes, but you're missing my point......in copy/pasting anything can be altered (to then show what one wants to be seen). Unless you have an original e
29 dumbell2424: And you're missing my point from reply 13. Seeing as the OP wants an answer, I doubt he would change this info.
30 AirNZ: I'm quite clear on your reply in post 13......and which, incidently, you pointedly never answered my question on! Shall I ask it again? Someone made
31 dumbell2424: I've seen plenty of targeted spam, much like things like this. If it's not for me, I delete it, but I can see where if it did fit you, where you coul
32 AirNZ: Of course, and and certainly not even remotely denying such. However, targeted span in one thing, but you stated a scammer send in a fake email and j
33 DeltaMD90: I used to play jokes on people a lot... you can change the address an email was sent from. It is very possible it was sent from a bad person and they
34 Ps76: Hi! Just to say I don't think I made it up or was imagining things, although I can see why people would think that as receiving a trojan in an airline
Sponsor Message: 
From , joined Dec 1969, posts, 
From , joined Dec 1969, posts, 
From United States of America, joined Dec 2003, 1506 posts, 
From Ireland, joined Jul 2003, 4974 posts, 
From Sweden, joined Mar 2005, 150 posts, 
From , joined Dec 1969, posts, 
From Romania, joined Feb 2007, 1734 posts, 
From Sri Lanka, joined Mar 2007, 1208 posts, 
From Netherlands, joined Dec 2005, 49 posts, 
Printer friendly format 
