Sponsored by..

Friday, 12 October 2012

Wire Transfer spam / geforceexlusive.ru

This fake wire transfer spam leads to malware on geforceexlusive.ru:

From: Xanga [mailto:noreply@xanga.com]
Sent: 12 October 2012 11:27
Subject: Fwd: Wire Transfer Confirmation (FED_6537H57898)

Dear Bank Account Operator,
WIRE TRANSFER: WRE-282857636652198

Please REVIEW YOUR TRANSACTION as soon as possible.
The malicious payload is at [donotclick]geforceexlusive.ru:8080/forum/links/column.php hosted on the following IPs: (Fibrenoire, Canada) (UAB Interneto Vizija, Lithunia) (MYREN, Malaysia)

These IPs are worth blocking as they will probably also be used in future attacks.

No comments: