This spam attempts to load malware from live-satellite-view.net, but fails because at the moment the domain isn't registered. However, you can expect them to try again.. so watch out for emails like this.From: FFIEC [mailto:complaints@ffiec.gov]The attempted download is from [donotclick]live-satellite-view.net/detects/advanced_selected_determines_comparison.php although it fails to resolve. Perhaps the registrar nuked the domain? However, it is possible to tell that the nameservers were ns1.http-page.net and ns2.http-page.net, and up investigate it turns out that all the following IPs and domains are related and should be treated as malicious:
Sent: 06 February 2013 16:17
Subject: FFIEC Occasion No. 77715
This summons is meant to make advise of file # 77715 which is opened and under interrogative with FFIEC following a accusation of your Financial Institution regarding suspect financial activity on your account.
A hard copy of this judicial process will be delivered to your business address.
Our institution will forward information to competent government agencies following this accusation.
Information and contacts regarding your Occasion file # can be found at
Occasion Number: 77715
Observed by
Federal Financial Institution Examination Council
Emily Gray
7.129.51.158
31.170.106.17
74.4.6.128
98.144.191.50
175.121.229.209
198.144.191.50
208.117.43.145
222.238.109.66
able-stock.net
capeinn.net
duriginal.net
euronotedetector.net
gonita.net
gutprofzumbns.com
http-page.net
live-satellite-view.net
morepowetradersta.com
ocean-movie.net
starsoftgroup.net
vespaboise.net
1 comment:
2 more examples for you
http://pastie.org/private/vbqutyjt2ryeowugxt7nqq#1
Post a Comment