Virus Email - BH Live Tickets Confirmation of Order Number for the Peter Pan Show
The email message below: "Confirmation of Order Number 484914," is a fake and has a virus or Trojan horse attached to it that will infect your Windows computer if you open it. The message was not sent by BH Live Tickets, but by cyber-criminals, who designed it to trick the recipients into opening the malicious attachment, by claiming that they should open the attachment to view and print their e-tickets for the 'Peter Pan' show.
So, if you receive the same email message, please delete it and do not attempt to open the attachment.
The Virus Email Message
From: bhlivetickets @bhlive.co.uk
Date: 8 September 2014 09:15
Subject: Confirmation of Order Number 484914
Attachment: tickets.3130599.zipORDER CONFIRMATION
Order Number Order Date
484914 07-09-2014 13:00YOUR E-TICKET(S) ARE ATTACHED TO THIS EMAIL, SENT TO [Email Removed]. Please print ALL PAGES of the PDF file attached to the email and bring them with you to gain admission to the event.
The attachment requires that you have the Adobe Acrobat Reader installed on your computer. If you do not have Adobe Acrobat Reader installed, please click HERE to download and install this program.
TICKETS QTY TICKET TYPE PRICE EACHTOTAL
Peter Pan
Bournemouth Pavilion Theatre
Tue 23 Dec 2014 - 7:00 PM 3 Early Bird - Price A18.0054.00
6 Early Bird Child Under 16 - Price A 15.00 90.00Ticket Information
Circle/A 35-30 (6) , Circle/B 33-31 (3)DELIVERY METHOD AMOUNT
Print At Home - E-Ticket(s) are attached to this order confirmation (You must be able to open and print a PDF file) 1.00
PAYMENTS TYPE # DATE AMOUNT
Mastercard Sale ****** ****** 7006 03-09-2014 13:00 145.00
Please keep this confirmation in a safe place.
THIS IS NOT YOUR TICKET
YOUR E-TICKET(S) ARE ATTACHED TO THIS EMAIL
Please call 0844 576 3000 if there are any errors in your order, if you have not received your tickets as expected, or if you have any questions.
BH Live Tickets
Exeter Road, Bournemouth, BH2 5BH
Tel: 0844 576 3000bhlivetickets @bhlive.co.uk
http://www.bhlivetickets.co.ukVAT Reg: 108 2248 37
TICKETS: 144.00
CHARGES: 1.00
TOTAL: 145.00
PAYMENTS RECEIVED: 145.00
The email attachment "tickets.3130599.zip" contains the malicious file "tickets.3130599.exe" or "tickets.332091.exe", and is not a PDF document as the malicious email message stated.
Note: The attachment name may change.
We found the following threats after scanning the malicious file:
- Win32:Malware-gen
- HW32.Laneul.gykc
- W32/Trojan.QXGE-7217
- HEUR/Malware.QVM07.Gen
- PE:Malware.FakePDF@CV!1.9C3A
- SScope.Malware-Cryptor.Hlux
The cyber-criminals behind the malicious email message aim is to trick the curious recipients into opening the malicious attachment that will infect their computers with a virus or Trojan horse.
Once their computers have become infected with the malicious virus or Trojan horse, the cyber-criminals behind this email message will be able to access and take control of your computer remotely from anywhere around the world. They may spy on you, use your computer to commit cyber-crimes, or steal your personal and financial information.
Now, if you have already opened anyone of the malicious attachment, please do a full scan of your computer with the antivirus software installed on it. The name of the attachment may change, so be careful when opening email attachments.
If you don’t have antivirus software installed on your computer, please click here for a list of free antivirus software.
Also, never open an attachment that has a name ending with “.exe”, because these files will infect your computer with viruses, Trojan horse and other malware.
Click here for a list of email attachments you should never open, regardless of where they came from.
For a list of other virus email messages, please click here.
BH Live Tickets is aware of the malicious email and have posted the following notice on their website:
CUSTOMER NOTICE
Monday 8 September – Emails have been sent to a number of recipients purporting to be from BH Live.initial investigations suggest that emails did not originate from BH Live’s systems or network. Please do not open any attachments or click any links.
We will post updates via our website and social media. We apologise for any inconvenience.
Check the comment section for additional information, or share what you know or ask a question about this article, by clicking the 'View or Write Comment' button below.
Note: Some of the information in samples on this website may have been impersonated or spoofed.