Thursday 15 November 2012

Changelog spam / feronialopam.ru

This fake "Changelog" spam leads to malware on feronialopam.ru:


Date:      Thu, 15 Nov 2012 10:43:59 +0300
From:      "Xanga" [noreply@xanga.com]
Subject:      Re: Changelog 2011 update
Attachments:     changelog-12.htm

Hello,



as promised chnglog attached (Internet Explorer File)

==========



Date:      Thu, 15 Nov 2012 05:43:09 -0500
From:      Chaz Shea via LinkedIn [member@linkedin.com]
Subject:      Re: Changelog as promised(updated)
Attachments:     Changelog-12.htm

Hello,



as prmised changelog is attached (Internet Explorer File)

The malicious payload is at [donotclick]feronialopam.ru:8080/forum/links/column.php, hosted on a familiar-looking bunch of IP addresses that you really should block:

120.138.20.54 (Sitehost, New Zealand)
202.180.221.186 (GNet, Mongolia)
203.80.16.81 (MYREN, Malaysia)
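
To check whether any client has already contacted this infrastructure, the following added example (not part of the original post) sweeps proxy log lines for the domain and the three IP addresses listed above. The log layout `<client> <dest_ip> <method> <url>` and the sample lines are constructed assumptions; adapt the field parsing to your own proxy format.

```python
import ipaddress
from urllib.parse import urlsplit

BAD_DOMAIN = "feronialopam.ru"  # indicators here are copied from the post above
BAD_IPS = {ipaddress.ip_address(a) for a in
           ("120.138.20.54", "202.180.221.186", "203.80.16.81")}

# Constructed sample lines; the "<client> <dest_ip> <method> <url>" layout is an assumption.
SAMPLE_LOG = """\
10.0.0.5 203.80.16.81 GET http://feronialopam.ru:8080/forum/links/column.php
10.0.0.7 192.0.2.10 GET http://example.com/changelog.html
10.0.0.9 120.138.20.54 GET http://other-host.example:8080/forum/links/column.php
10.0.0.11 198.51.100.7 GET http://notferonialopam.ru.example.org/
"""

def host_of(url):
    """Return the lower-case hostname of a URL, accepting defanged or scheme-less input."""
    url = url.replace("[donotclick]", "").replace("hxxp", "http")
    if "://" not in url:
        url = "http://" + url  # urlsplit needs a scheme to locate the host
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def check_line(line):
    """Return the reasons a log line matches the indicators (empty list = clean)."""
    fields = line.split()
    if len(fields) < 4:
        return []
    _client, dest, _method, url = fields[:4]
    reasons, host = [], host_of(url)
    # Exact or subdomain match only; a substring test would flag look-alike hosts.
    if host == BAD_DOMAIN or host.endswith("." + BAD_DOMAIN):
        reasons.append("domain")
    try:
        if ipaddress.ip_address(dest) in BAD_IPS:
            reasons.append("dest_ip")  # catches other hostnames on the same servers
    except ValueError:
        pass  # destination field was not an IP address
    return reasons

def sweep(log_text):
    """Return (line_number, client, reasons) for every matching line."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        reasons = check_line(line)
        if reasons:
            hits.append((n, line.split()[0], reasons))
    return hits

print(sweep(SAMPLE_LOG))
```

Matching on destination IP as well as hostname matters here because the same servers can answer for other domains, as the third sample line shows.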