Virus Email - BH Live Tickets Confirmation of Order Number for the Peter Pan Show

Virus Email - BH Live Tickets Confirmation of Order Number for the Peter Pan Show

Would you share this Article with others?

The email message below: "Confirmation of Order Number 484914," is a fake and has a virus or Trojan horse attached to it that will infect your Windows computer if you open it. The message was not sent by BH Live Tickets, but by cyber-criminals, who designed it to trick the recipients into opening the malicious attachment, by claiming that they should open the attachment to view and print their e-tickets for the 'Peter Pan' show.

So, if you receive the same email message, please delete it and do not attempt to open the attachment.

The Virus Email Message

From: bhlivetickets @bhlive.co.uk
Date: 8 September 2014 09:15
Subject: Confirmation of Order Number 484914
Attachment: tickets.3130599.zip

Order Number Order Date
484914 07-09-2014 13:00

YOUR E-TICKET(S) ARE ATTACHED TO THIS EMAIL, SENT TO [Email Removed]. Please print ALL PAGES of the PDF file attached to the email and bring them with you to gain admission to the event.

The attachment requires that you have the Adobe Acrobat Reader installed on your computer. If you do not have Adobe Acrobat Reader installed, please click HERE to download and install this program.


Peter Pan

Bournemouth Pavilion Theatre
Tue 23 Dec 2014 - 7:00 PM 3 Early Bird - Price A 18.00 54.00
6 Early Bird Child Under 16 - Price A 15.00 90.00

Ticket Information
Circle/A 35-30 (6) , Circle/B 33-31 (3)


Print At Home - E-Ticket(s) are attached to this order confirmation (You must be able to open and print a PDF file) 1.00


Mastercard Sale ****** ****** 7006 03-09-2014 13:00 145.00

Please keep this confirmation in a safe place.



Please call 0844 576 3000 if there are any errors in your order, if you have not received your tickets as expected, or if you have any questions.

BH Live Tickets
Exeter Road, Bournemouth, BH2 5BH
Tel: 0844 576 3000

bhlivetickets @bhlive.co.uk

VAT Reg: 108 2248 37
TICKETS: 144.00
TOTAL: 145.00

The email attachment "tickets.3130599.zip" contains the malicious file "tickets.3130599.exe" or "tickets.332091.exe", and is not a PDF document as the malicious email message stated.

Note: The attachment name may change.

We found the following threats after scanning the malicious file:

  • Win32:Malware-gen
  • HW32.Laneul.gykc
  • W32/Trojan.QXGE-7217
  • HEUR/Malware.QVM07.Gen
  • PE:Malware.FakePDF@CV!1.9C3A
  • SScope.Malware-Cryptor.Hlux

The cyber-criminals behind the malicious email message aim is to trick the curious recipients into opening the malicious attachment that will infect their computers with a virus or Trojan horse.

Once their computers have become infected with the malicious virus or Trojan horse, the cyber-criminals behind this email message will be able to access and take control of your computer remotely from anywhere around the world. They may spy on you, use your computer to commit cyber-crimes, or steal your personal and financial information.

Now, if you have already opened anyone of the malicious attachment, please do a full scan of your computer with the antivirus software installed on it. The name of the attachment may change, so be careful when opening email attachments.

If you don’t have antivirus software installed on your computer, please click here for a list of free antivirus software.

Also, never open an attachment that has a name ending with “.exe”, because these files will infect your computer with viruses, Trojan horse and other malware.

Click here for a list of email attachments you should never open, regardless of where they came from.

For a list of other virus email messages, please click here.

BH Live Tickets is aware of the malicious email and have posted the following notice on their website:


Monday 8 September – Emails have been sent to a number of recipients purporting to be from BH Live.initial investigations suggest that emails did not originate from BH Live’s systems or network. Please do not open any attachments or click any links.

We will post updates via our website and social media. We apologise for any inconvenience.

Note: Some of the names, addresses, email addresses, telephone numbers or other information in samples on this website may have been impersonated or spoofed.

Please share what you know or ask a question about this article by leaving a comment below. Check the comment section below for additional information, if there is any. Remember to forward suspicious, malicious, or phishing email messages to us at the following email address: info@onlinethreatalerts.com. And, report missing persons, scams, untrustworthy, or fraudulent websites to us. Tell us why you consider the websites untrustworthy or fraudulent. Also, to quickly find answers to your questions, use our search engine.

You can help maintain Online Threat Alerts (OTA) by paying a service fee. Click here to make payment.

Comments, Questions, Answers, or Reviews
There are no comments as yet, please leave one below or revisit.

To help protect your privacy, please do not post or remove, your full name, telephone number, email address, username, password, account number, credit card information, home address or other sensitive information in or from your comments, questions, or reviews.

Write Your Comment, Question, Answer, or Review
Write your comment, question, answer, or review in the box below to share what you know or to get answers. NB: We will use your IP address to display your approximate location to other users.
Your comment, question, answer, or review will be posted as an anonymous user because you are not signed in. Anonymous posts cannot be edited or deleted. Sign-in.

Virus Email - BH Live Tickets Confirmation of Order Number for the Peter Pan Show