Sponsored by..

Thursday, 15 March 2012

"Scan from a Hewlett-Packard ScanJet " malware / dsakhfgkallsjfd.ru

Another malicious spam campaign, this time with an attachment leading to a malware payload at dsakhfgkallsjfd.ru:8080/images/aublbzdni.php

Date:      Thu, 15 Mar 2012 -01:08:49 -0800
From:      scanner@victimdomain.com
Subject:      Re: Fwd: Scan from a Hewlett-Packard ScanJet 92186094
Attachments:     HP_Document-15-905.htm

Attached document was scanned and sent

to you using a Hewlett-Packard ScanJet 56348K.

FILETYPE: .HTML [Internet Explorer File]

There's further malicious code at dsakhfgkallsjfd.ru:8080/images/xlhwhrfvfsxubl.php (report here) - the dsakhfgkallsjfd.ru domain is multihomed on the following IP addresses: (Microlink Latvia Ltd, Latvia) (Spectrum, Bulgaria) (Vimpelcom, Russia) (Netia, Poland) (Kazakhtelecom, Kazakhstan) (Optimate-Server, Germany) (Tata Teleservices, India) (Telekomunikasi, Indonesia) (Bharti Infotel, India) (Slicehost, US) (Slicehost, US) (Telmex, Peru) (State Technical University of Saint-Petersburg, Russia) (Century Telecom Ltda, Brazil) (Satata Net, Indonesia) (Slicehost, US) (Commission for Science and Technology, Pakistan) (Commission for Science and Technology, Pakistan) (Sejong Telecom, Korea) (SK Broadband Co Ltd, Korea) (Sakura Internet Inc, Japan)

Plain list for copy-and-pasting:

No comments: