Fraudulent messages claiming to be ticket confirmations actually contain harmful software.
Northwest, Sun Country and other airlines warned their customers Friday about phony e-mails that claim to be from the airlines with confirmations of recently purchased tickets -- but actually contain a virus.
The e-mails prompted a barrage of calls to Mendota Heights-based Sun Country and led Eagan-based Northwest to issue a warning.
"Customers should be aware that these e-mails are not coming from the airline," said Al Lenza, Northwest's vice president for e-commerce. "NWA itineraries are specific and contain information that customer will recognize. If the format does not look familiar to you, and you have not recently purchased a ticket, do not open the attachment. Delete the e-mail right away."
NWA spokeswoman Michelle Aguayo-Shannon said the airline received "a handful of inquiries" about the e-mails.
Other e-mails purported to be from Midwest Airlines and Delta Air Lines, which also warned their customers.
Craig Schmugar, a researcher with McAfee Avert Labs in Santa Clara, Calif., said the bogus e-mails began arriving in Twin Cities in-boxes just after 7 a.m. Friday. They are likely the work of attackers from Russia who last week unleashed a similar round of spam involving United Parcel Service, he said.
In Friday's attack, e-mails contained letters thanking customers for using a new service called "Buy airplane ticket Online." Recipients were told that their credit cards had been charged $400 or more for an airline ticket, which they could print out by opening an attached .zip file.
The attachment contains the virus "Trojan.Zbot-1715," which then infects the computer.
Deb Smith of Bloomington called Sun Country to inquire about the letter before clicking on the attachment. "I know I didn't order tickets, and I checked with my bank and nothing had been charged," she said. "I thought, 'What is Sun Country up to?'"
John Fredrickson, general counsel at Sun Country, confirmed that the airline does not have any such service and that nobody's credit card has been charged.
"Nothing from Sun Country was used to originate these e-mails," the company said on its website.
Wayne Periman, director of operations for Symantec Corp., a computer security company, said the purpose behind the e-mails is to trick people into running the malware program so attackers can gain access to the recipient's computer. With remote access, the attackers can root around the computer and harvest log-ons, passwords and other information stored on the recipient's machine.
Schmugar, of McAfee, said that the information then can be used for identity theft or other types of fraud.