Sponsored by..

Monday 3 December 2012

"Scan from a Hewlett-Packard ScanJet" spam / somaliaonfloor.ru

This fake printer spam leads to malware on somaliaonfloor.ru:

Date:      Mon, 3 Dec 2012 09:25:59 -0600
From:      Bebo Service [service@noreply.bebo.com]
Subject:      Fwd: Re: Scan from a Hewlett-Packard ScanJet #3838

A document was scanned and sent to you using a Hewlett-Packard HP15310290

Sent to you by: ROSIO
Pages : 8
Filetype(s): Images (.jpeg) View

==========

Date:      Mon, 3 Dec 2012 11:06:22 -0500
From:      "service@paypal.com" [service@paypal.com]
Subject:      Re: Fwd: Scan from a Hewlett-Packard ScanJet 33712789

A document was scanned and sent to you using a Hewlett-Packard HP8220647

Sent to you by: CLAUDIA
Pages : 7
Filetype(s): Images (.jpeg) View
The malicious payload is at [donotclick]somaliaonfloor.ru:8080/forum/links/public_version.php hosted on the same IPs used in this attack.

113.197.88.226 (ULNetworks, Korea)
202.180.221.186 (GNet, Mongolia)
203.80.16.81 (MYREN, Malaysia)

No comments: