Sponsored by..

Thursday, 15 November 2012

Changelog spam / feronialopam.ru

This fake "Changelog" spam leads to malware on feronialopam.ru:

Date:      Thu, 15 Nov 2012 10:43:59 +0300
From:      "Xanga" [noreply@xanga.com]
Subject:      Re: Changelog 2011 update
Attachments:     changelog-12.htm


as promised chnglog attached (Internet Explorer File)


Date:      Thu, 15 Nov 2012 05:43:09 -0500
From:      Chaz Shea via LinkedIn [member@linkedin.com]
Subject:      Re: Changelog as promised(updated)
Attachments:     Changelog-12.htm


as prmised changelog is attached (Internet Explorer File)

The malicious payload is at [donotclick]feronialopam.ru:8080/forum/links/column.php hosted on a familiar looking bunch of IP addresses that you really should block: (Sitehost, New Zealand) (GNet, Mongolia) (MYREN, Malaysia)

No comments: