Experts have found that the spam campaign is distributing the Citadel malware

Feb 20, 2013 00:31 GMT  ·  By

Abuse.ch reports seeing a spam campaign that leverages the name and reputation of Delta Airlines in an attempt to distribute pieces of malware.

The bogus emails, which inform recipients that a ticket has been purchased with their credit cards, come with an attachment that contains a malicious screensaver file, pdf_delta_ticket.scr.

This file hides a version of the Citadel malware that’s designed to avoid virtual machine environments to prevent researchers from analyzing it. Once it’s executed, the threat attempts to connect to various command and control servers.

Experts believe that this particular Citadel campaign is aimed at organizations such as the BMO Financial Group, RBC Royal Bank and CIBC.

A technical analysis of the threat can be found on Abuse.ch.

This is not the first time when cybercriminals send out bogus Delta Airlines notifications in an attempt to trick users into installing malware. A few months ago, we saw them trying to distribute a fake antivirus in a similar manner.