Sponsored by..

Friday, 20 July 2012

Wire Transfer spam / porschedesignrussia.ru

This fake wire transfer spam leads to malware on porschedesignrussia.ru:

Date:      Fri, 20 Jul 2012 04:10:52 +0100
Subject:      RE: Your Wire Transfer N02526593

Good morning,

Wire debit transfer was canceled by the other financial institution.

Canceled transfer:


Transfer Report: View

Federal Reserve Wire Network

The malicious payload is at [donotclick]porschedesignrussia.ru:8080/forum/showthread.php?page=5fa58bce769e5c2c (report here) hosted on the following IPs:

These are the same IP addresses as used in this attack from yesterday. Blocking them would probably be prudent.

No comments: