Received dodgy Rar with exe file

**Argyll** · 19th January 2009

I've just received a dodgy email with a RAR attached containing an exe file. I've scanned it with nod and malwarebytes. It contains an exe file. Now obviously it's either a virus or something similar. I'm a nosey bastard though so is there anyway I can find out exactly what it is?

The email claims they're from United airlines:

Thank you for using our new service "United Airlines ticket Online" on our website.
Your account has been created:

Your login: xxxxxxxxxxxxxxxxxxxxxxxxxx Your password: pass4L8B

Your credit card has been charged for $990.85.
We would like to remind you that whenever you order tickets on our website you get a discount of 3%!
Attached to this message is the purchase Invoice and the United Airlines ticket.
To use your ticket, simply print it on a color printed, and you are set to take off for the journey!

**Undertaker** · 19th January 2009

could disassemble it in olly or ida pro and see what you get

**CzarJunkie** · 19th January 2009

Looks like they've taken you in some kind of sophisticated sting operation, I'd cancel your credit cards and open the file they claim is the invoice to see how much it's actually for, could be more that the $990.85.

Do it, before it's too late.

**DJAd** · 19th January 2009

Originally Posted by Argyll

I'm a nosey bastard though so is there anyway I can find out exactly what it is?

Double click it and find out!

**Argyll** · 19th January 2009

Originally Posted by CzarJunkie

Looks like they've taken you in some kind of sophisticated sting operation, I'd cancel your credit cards and open the file they claim is the invoice to see how much it's actually for, could be more that the $990.85.

Do it, before it's too late.

Better still why don't I send it to you. I hear you like opening things up

**Geezah** · 19th January 2009

I had the exact same email last week (or the week before) saying my airline tickets were booked and here is the invoice or something like.
The rar.exe file has an excell icon and it is acctually a trojan horse programme (I forgett the name).
Its clever how they used a VB script to cover their intentions.... the file wants to download and install the real malware once its activated.
Wasn't picked up by Adaware, Spybot or Avira
I'm a nosey bugger too

**Over Carl** · 19th January 2009

If you do have to run virus infected programs, get vmware - pm me if you need to know where to find it. Then set that up, set up a small xp machine without network access, then run whatever in there.

At least if it kills windows, you can just shut that application and carry on.