I know I said I would write some articles about real-life 'underground' before starting again on malware, but I received (like many others) a fake LinkedIn spam that sends you to a Blackhole Exploit Kit and delivers a Citadel payload; together with some guys on Twitter, we investigated the case.
Fake mail from LinkedIn:
Report done by @MalwareMustDie: http://pastebin.com/raw.php?i=z7n6SVxf
By Kim: http://stopmalvertising.com/spam-scams/unsolicited-email-from-linkedin-invites-zeus-bot.html
Following a Kafeine post about the latest update of Citadel, I gave a f*ck and tried to get the latest version.
In the end that was done by hacking, with (too) many attempts on different servers, and with lulz on some:
Want more malware fail?
Well, let's see the latest advert:
Still with lame jokes:
Overview of C&C package:
Personal Manual (for translation, http://translate.google.com/?hl=en&sl=ru&tl=en):
As I've already said in many e-mails, I'm not really into Citadel tracking; if you want more, I think you should follow Kafeine's work, he seems as passionate about it as I was about SpyEye.
PS: Congratulations Aquabox for your 'rain edition' released a week ago; it took me just one LinkedIn spam to get my attention and get the package (and I'm just a simple guy, not from the AV business).
"You can run but you can't hide" researchers will always have your crapwares sooner or later.