Thursday 14 June 2012

"American Airlines Order" / saprolaunimaxim.ru

This fake American Airlines spam leads to malware on saprolaunimaxim.ru:

From: "Tereasa Mcwilliams" [lourdes@petalfresh.net]
Date: 14 June 2012 01:36:47 GMT+01:00
Subject: FWD: American Airlines Order


Dear Customer,

FLIGHT NUMBER A47-282
DATE & TIME / JUNE 26, 2012, 12:148 PM
ARRIVING: NEW YORK JFK
TOTAL PRICE : 285.54 USD

Please download and print out your ticket here:
DOWNLOAD

Amercian Airlines

The malicious payload is at [donotclick]saprolaunimaxim.ru:8080/forum/showthread.php?page=5fa58bce769e5c2c (report here), which is the same as used in this attack two days ago. However, since then the IPs have changed to:

78.83.233.242 (Spectrum Net JSC, Bulgaria)
173.224.209.130 (Psychz Networks, US)
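
An added example (not part of the original post) of checking proxy logs for this campaign: because the hosting IPs changed within two days, it matches on the hostname as well as on the two current IPs. The log format, the sample lines and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Indicators taken from the post itself.
DEFANGED_URL = "[donotclick]saprolaunimaxim.ru:8080/forum/showthread.php?page=5fa58bce769e5c2c"
CURRENT_IPS = {"78.83.233.242", "173.224.209.130"}

def refang(defanged):
    """Turn the post's '[donotclick]host/path' notation into a parseable URL."""
    return "http://" + defanged.replace("[donotclick]", "", 1)

def classify(line, bad_host, bad_path, bad_ips):
    """Return the reasons a proxy log line matches, as a sorted list.

    Assumed (constructed) log format: '<client> <dest_ip> <method> <url>'.
    """
    _client, dest_ip, _method, url = line.split(maxsplit=3)
    parts = urlsplit(url)
    reasons = set()
    if (parts.hostname or "").lower().rstrip(".") == bad_host:
        reasons.add("host")   # still matches after the hosting IPs rotate
    if dest_ip in bad_ips:
        reasons.add("ip")     # catches other hostnames served from the same IPs
    if parts.path == bad_path and "page" in parse_qs(parts.query):
        reasons.add("path")   # corroborating only: a common forum URL shape
    return sorted(reasons)

# Constructed sample log lines; 192.0.2.x and 198.51.100.x are documentation ranges.
SAMPLE_LOG = [
    "10.0.0.5 78.83.233.242 GET http://saprolaunimaxim.ru:8080/forum/showthread.php?page=5fa58bce769e5c2c",
    "10.0.0.6 198.51.100.7 GET http://SAPROLAUNIMAXIM.ru:8080/forum/showthread.php?page=5fa58bce769e5c2c",
    "10.0.0.7 173.224.209.130 GET http://other.example:8080/index.html",
    "10.0.0.8 192.0.2.10 GET http://forum.example/forum/showthread.php?page=2",
    "10.0.0.9 192.0.2.11 GET http://www.example.com/",
]

def scan(lines):
    """Map each client address to the reasons its request was flagged."""
    target = urlsplit(refang(DEFANGED_URL))
    hits = {}
    for line in lines:
        reasons = classify(line, target.hostname, target.path, CURRENT_IPS)
        # A path match alone is too common to alert on, so it is dropped.
        if reasons and reasons != ["path"]:
            hits[line.split()[0]] = reasons
    return hits

if __name__ == "__main__":
    for client, reasons in scan(SAMPLE_LOG).items():
        print(client, ",".join(reasons))
```

The second sample line is flagged on hostname even though its destination IP is not one of the two listed, which is the case an IP-only blocklist would miss after the next rotation.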

The following domains and IPs are related and should be blocked if you can:
