This fake Sendspace spam leads to malware on apendiksator.ru:Date: Thu, 20 Dec 2012 09:25:36 -0300
From: "SHIZUKO Ho"
Subject: You have been sent a file (Filename: [redacted]-28.pdf)
Sendspace File Delivery Notification:
You've got a file called [redacted]-6110219.pdf, (286.58 KB) waiting to be downloaded at sendspace.(It was sent by SHIZUKO Ho).
You can use the following link to retrieve your file:
Download Link
The file may be available for a limited time only.
Thank you,
sendspace - The best free file sharing service.
----------------------------------------------------------------------
Please do not reply to this email. This auto-mailbox is not monitored and you will not receive a response.
===============================
Date: Thu, 20 Dec 2012 05:05:02 +0100
From: "GENNIE Hensley"
Subject: You have been sent a file (Filename: [redacted]-7123391.pdf)
Sendspace File Delivery Notification:
You've got a file called [redacted]-38335.pdf, (282.44 KB) waiting to be downloaded at sendspace.(It was sent by GENNIE Hensley).
You can use the following link to retrieve your file:
Download Link
The file may be available for a limited time only.
Thank you,
sendspace - The best free file sharing service.
---------------------------------------------------------------------
Please do not reply to this email. This auto-mailbox is not monitored and you will not receive a response.
The malicious payload is at [donotclick]apendiksator.ru:8080/forum/links/column.php hosted on:
91.224.135.20 (Proservis UAB, Lithunia)
187.85.160.106 (Ksys Soluções Web, Brazil)
210.71.250.131 (Chunghwa Telecom, Taiwan)
These IPs and domains are all related and should be blocked:
91.224.135.20
187.85.160.106
210.71.250.131
afjdoospf.ru
angelaonfl.ru
akionokao.ru
apendiksator.ru
No comments:
Post a Comment