Spam Filtering


Spam E-mail Campaign Masquerading as Delta Airlines
Spam Filter Service News for May 13, 2013

A reputed Swiss security blog has reported a spam e-mail campaign that leverages the name and reputation of Delta Airlines in an attempt to distribute pieces of malware.

The fake e-mail informs the recipients about the purchase of a ticket with their credit cards and contains a link leading to a fake site, where a ZIP archive is provided for download. The archive contains a screensaver file that carries the Trojan, which currently has a low detection rate.
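The delivery chain described above ends in a ZIP archive carrying a screensaver file. As an added example (not from the original article), this Python check, of the kind a mail or web gateway could run on a downloaded archive, flags such members; the function names, the extension list and the sample archives are assumptions constructed for illustration.

```python
import io
import zipfile

# Extensions Windows runs directly; a .scr screensaver is an ordinary PE executable.
EXECUTABLE_EXTS = {".scr", ".exe", ".pif", ".com", ".cpl"}

def risky_members(zip_bytes):
    """Return [(member name, [reasons])] for entries that would execute on Windows."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return [("<archive>", ["unreadable archive"])]
    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Windows ignores trailing dots and spaces, so strip them before matching.
            name = info.filename.rsplit("/", 1)[-1].rstrip(". ").lower()
            stem, dot, ext = name.rpartition(".")
            reasons = []
            if dot + ext in EXECUTABLE_EXTS:
                reasons.append("executable extension " + dot + ext)
                if "." in stem:  # e.g. e-ticket.pdf.scr
                    reasons.append("decoy extension before it")
            try:
                # Content check catches an executable renamed to a harmless extension.
                with archive.open(info) as member:
                    if member.read(2) == b"MZ":
                        reasons.append("PE (MZ) header")
            except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
                reasons.append("content not readable (encrypted or unsupported)")
            if reasons:
                findings.append((info.filename, reasons))
    return findings

def build_zip(members):
    """Build an in-memory ZIP from {name: bytes} for the constructed samples below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in members.items():
            z.writestr(name, data)
    return buf.getvalue()

# Constructed samples, not taken from the campaign; the "MZ" bytes are an inert stub.
LURE = build_zip({"e-ticket.pdf.scr": b"MZ" + b"\x00" * 62})
RENAMED = build_zip({"photo.jpg": b"MZ" + b"\x00" * 62})
BENIGN = build_zip({"itinerary.txt": b"Flight details"})
```
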

According to a reputed Swiss security expert and creator of the, Roman Hussy, this binary is packed with a packer that is entirely VM-aware, so it will only run on a native machine. Once systems are infected, however, they attempt to contact various Citadel C&C servers that are situated in the same subnet belonging to an ISP, Aztec Ltd, and that have already been listed on Zeus Tracker by Hussy, as published by HELP NET SECURITY on February 19, 2013.

It is also believed that this particular Citadel campaign is aimed at organizations including the BMO Financial Group, RBC Royal Bank and CIBC.

While investigating the upstream providers of the ISP, Hussy also discovered some names that are easily recognizable to botnet researchers. He also recommends that network operators drop any packets from or to the networks at their network's edge.

However, such spam campaigns are quite common. In fact, according to Hussy, 1-3 such campaigns are seen every day. This particular campaign is not sent out by a spam botnet (usually Cutwail, Festi or Kelihos), but via compromised e-mail servers. So far, about 30 spam-sending SMTP (Simple Mail Transfer Protocol) servers have been abused in this spam campaign, as published by on February 18, 2013.

To conclude, this is not the first time that these cybercriminals have sent out fake notifications in the name of Delta Airlines in an attempt to trick users into installing malware. A few months ago, the distribution of fake antivirus software was observed in a similar manner.
