Sponsored by..

Monday, 19 March 2012

"Fwd: Your Flight N 76-124339" spam / dnvfodooshdkfhha.ru

Here's a "flight ticket" spam leading to malware:

Date:      Tue, 20 Mar 2012 11:56:41 +0900
From:      "DEDE Rainey"
Subject:      Re: Fwd: Your Flight N 76-124339
Attachments:     FLIGHT_TICKET_N-A7401085.htm

Dear Customer,


DATE/TIME : MARCH 28, 2011, 14:13 PM


PRICE : 906.20 USD

Your bought ticket is attached to the letter as a scan document (Internet Exlporer File).

To use your ticket you should print it.

DEDE Rainey,

The attachment tries to redirect the victim to a malware site on dnvfodooshdkfhha.ru:8080/images/aublbzdni.php (report here) and as with most of the .ru:8080 attacks we see, this one is multihomed: (Microlink Latvia Ltd, Latvia) (Spectrum, Bulgaria) (Netia, Poland) (Bharti Infotel, India) (Slicehost, US) (Century Telecom Ltda, Brazil) (Satata Net, Indonesia) (Slicehost, US) (Commission for Science and Technology, Pakistan) (Commission for Science and Technology, Pakistan) (Sejong Telecom, Korea) (SK Broadband Co Ltd, Korea) (Sakura Internet Inc, Japan)

Plain list for copy and pasting:

No comments: