Sponsored by..

Tuesday, 20 November 2012

"Don't forget about meeting tomorrow" spam / hamasutra.ru

This spam leads to malware on hamasutra.ru:

From: Lula Stevens [mailto:JolieWright@shaw.ca]
Sent: 20 November 2012 05:57
Subject: Don't forget about meeting tomorrow

Don't forget this report for meeting tomorrow.
See attached file. (Internet Explorer file) 

In the sample I have seen, there is an attachment called Report.htm with some obfuscated javascript leading to a malicious payload at [donotclick]hamasutra.ru:8080/forum/links/column.php hosted on the following IPs: (1&1, Germany) (GNet, Mongolia) (MYREN, Malaysia) (Psychz Networks, US)

Plain list:

No comments: