
Spam E-mail Campaign Masquerading as Delta Airlines

A reputed Swiss security blog has reported a spam e-mail campaign that leverages the name and reputation of Delta Airlines in an attempt to distribute malware.

The fake e-mail informs recipients that a ticket has been purchased with their credit card and contains a link leading to a fake site, where the ZIP archive pdf_delta_ticket.zip is offered for download. The archive contains a screensaver file that carries the Trojan, which currently has a low detection rate.
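A mail gateway or download proxy can flag this delivery pattern by listing the members of a ZIP and reporting any with a directly executable extension such as .scr. The following sketch is an added example, not code from abuse.ch or SPAMfighter; the function names, the extension and hint lists, and the member name `delta_ticket.scr` are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows runs directly; a .scr screensaver is an ordinary executable.
EXECUTABLE_EXTS = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs"}
# Decoy extensions used in front of the real one ("ticket.pdf.scr").
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".jpg"}
# Words in an archive or member name implying a document is inside (assumed list).
DOCUMENT_HINTS = ("pdf", "doc", "ticket", "invoice")


def suspicious_members(archive_name, archive_bytes):
    """Return (member, reason) pairs for executable files inside a ZIP."""
    findings = []
    claims_document = any(h in archive_name.lower() for h in DOCUMENT_HINTS)
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Trailing dots/spaces are ignored by Windows, so strip them first.
            name = PurePosixPath(info.filename).name.lower().rstrip(". ")
            suffixes = [s.strip() for s in PurePosixPath(name).suffixes]
            if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
                continue
            if len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS:
                reason = "double extension"
            elif claims_document or any(h in name for h in DOCUMENT_HINTS):
                reason = "executable in document-named archive"
            else:
                reason = "executable in archive"
            findings.append((info.filename, reason))
    return findings


def build_sample_zip(member_names):
    """Constructed input: a ZIP whose members hold harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member in member_names:
            zf.writestr(member, b"placeholder, not a real binary")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip(["delta_ticket.scr", "readme.txt"])
    for member, reason in suspicious_members("pdf_delta_ticket.zip", sample):
        print(f"{member}: {reason}")
```

Because the check relies on file names only, it works even when antivirus detection of the payload is low, but it does not look inside nested or password-protected archives.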

According to Roman Hussy, a reputed Swiss security expert and creator of abuse.ch, the binary is packed with a packer that is fully VM-aware, so it will only run on a native (non-virtual) machine. Once infected, systems attempt to contact various Citadel C&C servers that are situated in the same subnet, belonging to an ISP, Aztec Ltd, and that Hussy has already listed on Zeus Tracker, as published by HELP NET SECURITY on February 19, 2013.

This particular Citadel campaign is also believed to target organizations including the BMO Financial Group, RBC Royal Bank and CIBC.

While investigating the ISP's upstream providers, Hussy also discovered some names that are easily recognizable to botnet researchers. He also recommends that network operators drop any packets from or to these networks at the network's edge.

However, such spam campaigns are quite common. In fact, according to Hussy, 1-3 such campaigns are seen every day. This particular campaign is not sent out by a spam botnet (usually Cutwail, Festi or Kelihos), but via compromised e-mail servers. So far, about 30 spam-sending SMTP (Simple Mail Transfer Protocol) servers have been abused in this spam campaign, as published by abuse.ch on February 18, 2013.

To conclude, this is not the first time that cybercriminals have sent out fake notifications in the name of Delta Airlines in an attempt to trick users into installing malware. A few months ago, fake antivirus was observed being distributed in a similar manner.


» SPAMfighter News - 25-02-2013
