Continental Airlines is the latest company to be exploited by scammers. A new wave of spam claiming to be from the airline attempts to trick the recipient into downloading malware. The messages come with an attachment that look like ticket invoices and boarding passes and thank the recipient for buying their tickets online. A username and password are provided as well as the confirmation of a $900 charge to their credit card. The attachment, called “e-ticket.doc.exe” is actually a worm that downloads additional malware to the user’s PC.

Earlier this year a similar attack targeted Delta and Northwest Airlines but used a different kind of malware. The Trojan in that attack gained fame after it was used to steal the personal info of over a million customers of Monster Worldwide, the parent company of Monster.com. It downloaded one of two other pieces of malware. One, called Banker.c, monitors the infected system for any online banking accounts. When it detects a log on the username and password the information is transmitted to a remote host. The other, Gpcoder, is ransomware. It encrypts all the files on an infected system and demands that the user pay a fee to get their access back.

So far Continental hasn’t commented about the attack, but experts hope that since many spam filters automatically strip attachments ending in .exe most of the infected messages will never reach inboxes.