Sponsored by..

Wednesday, 20 February 2013

"Wire transfer" spam / fulinaohps.ru

This fake wire transfer spam leads to malware on fulinaohps.ru:

Date:      Wed, 20 Feb 2013 04:28:14 +0600
From:      accounting@[victimdomain]
Subject:      Fwd: ACH and Wire transfers disabled.

Dear Online Account Operator,

Your ACH transactions have been
temporarily disabled.
View details

Best regards,
Security department
The malicious payload is at [donotclick]fulinaohps.ru:8080/forum/links/column.php (report here) hosted om the following IPs: (EUserv Internet, Germany) (PS Internet Company, Kazakhstan) (Chungwa Telecom, Taiwan)

These are the same IPs as used in this attack, you should block them if you can.

No comments: