Sponsored by..

Wednesday, 24 October 2012

Contract spam / fidelocastroo.ru

This fake contact spam leads to malware on fidelocastroo.ru:

Date:      Tue, 23 Oct 2012 12:33:51 -0800
From:      "Wilburn TIMMONS" [HIWilburn@hotmail.com]
Subject:      Fw: Contract from Wilburn
Attachments:     Contract_Scan_DS23656.htm


In the attached file I am transferring you the Translation of the Job Contract that I have just received today. I am really sorry for the delay.

Best regards,

Wilburn TIMMONS, secretary
The .htm attachment contains obfuscated javascript that attempts to direct the visitor to a malicious [donotclick]fidelocastroo.ru:8080/forum/links/column.php. This domain name has been used in several recent attacks and is currently multihomed on some familiar IP addresses: (President of French Polynesia) (MYREN, Malaysia) (eNet, US)

No comments: