Sponsored by..

Thursday 9 August 2012

"Verify your order" spam / qapskhnxlfuc.info

This spam leads to malware on qapskhnxlfuc.info:

Date:      Thu, 09 Aug 2012 21:25:41 +0200
From:      "New order" [30F5DC6@tendbeyond.com]
To:      [redacted]
Subject:      Verify your order

Dear [redacted],

please verify your order #447256 at http://mailnegnu.com/FlashSoundNew/welcome19205.php?user_id=[redacted]&order_id=1EDDB29B4E

We hope to see you again soon!

The malicious payload is at [donotclick]qapskhnxlfuc.info/main.php?page=3f19233d6515cd5d (http://wepawet.iseclab.org/view.php?hash=0192c837b292369c4205be3b8fbd34b9&t=1344548568&type=jshttp://wepawet.iseclab.org/view.php?hash=0192c837b292369c4205be3b8fbd34b9&t=1344548568&type=js) hosted on 54.245.115.106 (Amazon.com, US) along with the following domains that you can also assume are malicious:

keopsyc.org
ydxmzbrnjoqc.info
pjldxysgnfh.info
bfkepzvscyjh.info
drogiyfwan.info
vkycwjqdrn.info
zutacxsyiq.info
dnytximqszfr.info
wexnfvciumr.info
wfzijmubdgtv.info
nkcxlmgzuhw.info
fzblvmwoix.info
diocqvenmxz.info

No comments: