Sponsored by..

Tuesday 14 August 2012

"We can not charge your credit card" spam / kefrikin.ru

This spam pretends to be from Amazon. Or UPS. Or perhaps both. Anyway, it leads to malware on kefrikin.ru:


Date:      Tue, 14 Aug 2012 05:26:05 +0200
From:      "ups" [mail@ups.com]
Subject:      We can not charge your credit card
Attachments:     Amazon_Invoice.htm

    Your Account | Help
Your credit card was blocked.
We tried to withdraw money from your credit card, but your bank decline it. In the attachment you will be found a invoice from your last order. Please pay this invoice as soon as possible.

Conditions of Use Privacy Notice � 1996-2012, Amazon.com, Inc. or its affiliates

The attachment Amazon_Invoice.htm is malicious and it attempts to download a malicious script from [donotcick]kefrikin.ru:8080/forum/showthread.php?page=5fa58bce769e5c2c (report here) hosted on the following IPs (which have all been used for malware distribution several times):

190.120.228.92
199.71.212.78
203.80.16.81


No comments: