
Thursday, 31 January 2013

FDIC spam / 123435jynfbdf.myWWW.biz

More FDIC themed spam, leading to a malicious payload on the same IP as this one:

From: ".Афанасьев@fdic.gov" [mailto:dickysmv341@homesextapes.com]
Sent: 30 January 2013 15:03
Subject: Changing security requirements
Importance: High

Dear Sirs,

In connection with the introduction of a new security system for the purpose of preventing new cases of wire fraud, all your account ACH and WIRE transactions will be temporarily blocked unless the special security requirements are met.. In order to fully re-establish your account, you are asked to install a special security software. Please open the link below to download and install the latest security version.

We apologize for the inconveniences caused to you by this measure.
Please do not hesitate to contact us if you have any questions.

Yours faithfully,

Federal Deposit Insurance Corporation
Security Department 
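
The From line above shows a display name that claims an fdic.gov address while the real sender sits in an unrelated domain. The following check for that mismatch is an added example, not part of the original post; it assumes the header value has already been MIME-decoded, and the function names are hypothetical.

```python
import re
from email.utils import parseaddr

# Outlook renders the sender as: "display" [mailto:addr]; raw headers use <addr>.
_OUTLOOK = re.compile(r'^\s*"?(?P<name>.*?)"?\s*\[mailto:(?P<addr>[^\]\s]+)\]\s*$')
# A domain advertised inside the display name, e.g. "someone@fdic.gov".
_CLAIMED = re.compile(r'@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)')

# From line exactly as quoted in the post.
SAMPLE = '".Афанасьев@fdic.gov" [mailto:dickysmv341@homesextapes.com]'


def split_from(value):
    """Return (display_name, address) for either header rendering."""
    m = _OUTLOOK.match(value)
    if m:
        return m.group("name"), m.group("addr")
    return parseaddr(value)


def display_name_mismatch(value):
    """Return (claimed_domain, real_domain) when the display name advertises
    an address in a different domain than the real sender, else None."""
    name, addr = split_from(value)
    claimed = _CLAIMED.search(name)
    if not claimed or "@" not in addr:
        return None
    claimed_domain = claimed.group(1).lower()
    real_domain = addr.rsplit("@", 1)[1].lower()
    # The same domain, or a subdomain of the claimed one, is not a mismatch.
    if real_domain == claimed_domain or real_domain.endswith("." + claimed_domain):
        return None
    return claimed_domain, real_domain


if __name__ == "__main__":
    print(display_name_mismatch(SAMPLE))
```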

In this case the malicious payload is at [donotclick]123435jynfbdf.myWWW.biz./closest/984y3fh8u3hfu3jcihei.php and is hosted on 91.218.121.86 (CoolVDS / Kutcevol Maksum Mukolaevichm, US). At the moment the following domains seem to be active:


