Sponsored by..

Wednesday 20 February 2013

"Wire transfer" spam / fulinaohps.ru

This fake wire transfer spam leads to malware on fulinaohps.ru:

Date:      Wed, 20 Feb 2013 04:28:14 +0600
From:      accounting@[victimdomain]
Subject:      Fwd: ACH and Wire transfers disabled.

Dear Online Account Operator,

Your ACH transactions have been
temporarily disabled.
View details

Best regards,
Security department
The malicious payload is at [donotclick]fulinaohps.ru:8080/forum/links/column.php (report here) hosted om the following IPs:

84.23.66.74 (EUserv Internet, Germany)
195.210.47.208 (PS Internet Company, Kazakhstan)
210.71.250.131 (Chungwa Telecom, Taiwan)

These are the same IPs as used in this attack, you should block them if you can.

No comments: