This spam leads to malware on seledkindoms.ru:Date: Wed, 13 Jun 2012 05:27:07 -0500
From: Michel Boudreaux via LinkedIn [member@linkedin.com]
Subject: Your credit card is blocked
Dear Client,
CAUTION: Your credit card is blocked!
With your credit card was removed USD 58,05
Possibly illegal transaction!
VIEW YOUR STATEMENT
Immediately contact your bank .
Best Wishes, VISA Customer Services.
The malicious payload is at [donotclick]seledkindoms.ru:8080/forum/showthread.php?page=5fa58bce769e5c2c hosted on the following IPs:
50.57.43.49 (Slicehost, US)
89.108.75.155 (Agava Ltd, US)
Here's another spam with the same payload:
Date: Wed, 13 Jun 2012 06:21:51 +0200
From: "Classmates . com" [classmatesemail@accounts.classmates.com]
Subject: clongmore, Please confirm your email address with Classmates
Help us ensure your Classmates� notifications
Hi xxxxxxxxxx,
Thanks for joining Classmates�. Please click the button below to help us ensure future email delivery.
Yes, this is xxxxxxxxxx �
Not xxxxxxxxxx, please click here.
Your account details
Registration Number: 3164106744
Email Address: xxxxxxxxxx
Your Password: 534B962E Change password
You can change your password to whatever you want.
Change it now �
Tips on finding the posts, photos and stories that people
are sharing with your community.
TO PROTECT YOUR PRIVACY:
Do not forward this email to anyone not authorized by you to access your profile. For more information, see our Privacy Policy.
You are receiving this email as part of your Memory Lane membership.
We are unable to respond to messages sent to this automated email address, so if you have questions or have received this message in error, visit the Online Help Center.
Memory Lane, Inc., d/b/a Classmates.com 333 Elliott Ave. W., Seattle, WA 98119
� 1995-2012 Memory Lane, Inc., d/b/a Classmates.com. All Rights Reserved.
ff
No comments:
Post a Comment