Citadel targeting Canadainforick, i thought this domain was done to annoy Rick of MalwareMustDie but seem not related. A friend (Kafeine) have found this binary, it was loaded via Impact Exploit Kit. The Citadel domain 'inforick.com' seem hijacked, there is no trace of C&C on this server, just a gate.php who act as redirector on another domain. Drop: hxtp://inforick.com/img/gate.php Infection: hxtp://inforick.com/zip/fil
Trusteer Solutions | Fraud Detection - IBM
