Sponsored by..

Friday, 9 March 2012

"Scan from a HP Officejet #235612" / cnnvcnsaoljfrut.ru

Another fake OfficeJet spam with a malicious attachment:

Date:      Fri, 9 Mar 2012 05:40:05 +0100
From:      "Valentino CONNELLY"
Subject:      Scan from a HP Officejet #235612
Attachments:     HP_Document_SPK23127.htm

Attached document was scanned and sent

to you using a Hewlett-Packard HP Officejet 2975OF.

Sent: by Valentino
Image(s) : 1
Attachment: HTML [.htm]

Hewlett-Packard Officejet Location: machine location not set
Device: POD866K0PL44119329S

The malware is on cnnvcnsaoljfrut.ru:8080/images/aublbzdni.php  (report here) which is multihomed on a familiar looking list of IP addresses: (Corbina Telecom, Russia) (Netia Telekom, Poland) (Optimate-server, Germany) (Tata Teleservices, India) (Bharti Infotel, India) (Telmex, Peru) (State Technical University of Saint-Petersburg, Russia) (Satata Neka Tama, Indonesia) (Commission For Science And Technology, Pakistan) (SK Broadband Co Ltd, Korea)

Plain list for copy-and-pasting:

No comments: