From: Josefina Underwood [mailto:hdFQe@heathrowexpress.com]
Sent: 27 February 2013 16:43
Subject: Follow this link
I have found it http://www.eurosaudi.com/templates/beez/wps.php?v20120226
Sincerely yours,
Sara Walton

The link is to a legitimate but hacked site, and in this case it attempts to bounce to [donotclick]sidesgenealogist.org/closest/c93jfi2jf92ifj39ugh2jfo3g.php but at the time of writing the malware site appears to be overloaded. However, we can find an earlier report for the same server here that indicates an exploit kit.
The malware is hosted on 188.93.210.226 (Logol.ru, Russia). I would recommend blocking the entire 188.93.210.0/23 range to be on the safe side. These other two domains are in the same AS and are currently active:
reinstalltwomonthold.org
nephewremovalonly.org
scriptselse.org
everflowinggopayment.net
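
To check whether anything on your network has already touched these indicators, here is an added example (not part of the original post) that scans proxy log lines for the domains above and for any address in 188.93.210.0/23, which also covers 188.93.211.x. The log format, the sample lines and the function names are constructed for illustration.

```python
import ipaddress
import re

# Indicators taken from the post above.
BLOCKED_NET = ipaddress.ip_network("188.93.210.0/23")
BLOCKED_DOMAINS = {
    "sidesgenealogist.org",
    "reinstalltwomonthold.org",
    "nephewremovalonly.org",
    "scriptselse.org",
    "everflowinggopayment.net",
}

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)

def match_line(line):
    """Return the sorted indicators (IPs in range, listed hosts) in one line."""
    hits = set()
    for token in IPV4_RE.findall(line):
        try:
            if ipaddress.ip_address(token) in BLOCKED_NET:
                hits.add(token)
        except ValueError:
            pass  # looks like an IP but is not valid, e.g. 999.1.1.1
    for host in HOST_RE.findall(line):
        host = host.lower()
        # Match the listed domain itself and any subdomain of it.
        if any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS):
            hits.add(host)
    return sorted(hits)

def scan(log_text):
    """Return (line_number, indicators) for every line with a hit."""
    results = []
    for n, line in enumerate(log_text.splitlines(), 1):
        hits = match_line(line)
        if hits:
            results.append((n, hits))
    return results

# Constructed sample proxy log (hypothetical format, not real traffic).
SAMPLE_LOG = """\
2013-02-27 16:51:02 10.0.0.15 GET http://sidesgenealogist.org/closest/x.php 188.93.210.226 200
2013-02-27 16:52:10 10.0.0.22 GET http://example.com/index.html 93.184.216.34 200
2013-02-27 16:53:44 10.0.0.31 GET http://cdn.scriptselse.org/a.js 188.93.211.7 200
2013-02-27 16:54:01 10.0.0.40 GET http://example.org/ 188.93.212.1 200
"""

if __name__ == "__main__":
    for n, hits in scan(SAMPLE_LOG):
        print(n, hits)
```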