Thursday, 22 August 2013

Red Sox Baseball spam / lindoliveryct.net

This fake Red Sox spam leads to malware on lindoliveryct.net:

Date:      Thu, 22 Aug 2013 13:02:19 -0400 [13:02:19 EDT]
From:      ticketoffice@inbound.redsox.com
Subject:      Thank You for your order. ( RSXV - 4735334 - 0959187 )

Thank you for your recent ticket purchase. We truly appreciate your support and commitment to Red Sox Baseball. If you have any questions regarding your purchase, please contact our Ticket Services department by calling (toll free) 877-REDSOX9.

Note that you will receive a separate email within the next two business days which will include the vouchers you will need for both parking at the Prudential Center and your Duck Boat ride to the ballpark, included in each End of Summer Family Pack purchase.

Please remember that all sales are final - there are no refunds or exchanges issued on any tickets. Also note that all game times are subject to change. Be sure to visit redsox.com for the latest Red Sox news and any game time updates.

Thanks again! We look forward to seeing you at the ballpark this season.

Boston Red Sox Ticketing Department

The following is your on-line ticket purchase summary:

Order Summary

----------------------------------------------------------
Paid by:
AMEX

Deliver To:
Kyle Ortiz
Ship via - Regular Mail

Delivery Method: Regular Mail

Tickets will be mailed no later than one week prior to the first game in your order.
NOTE: All amounts for this event are in US Dollars ($)

Your confirmation number is: RSXV - 4735334 - 0959187
----------------------------------------------------------
The tickets you have purchased are:
White Sox at Red Sox
Friday, 8/30/13
at 7:10PM EDT
Grandstand
Section    Row    Seat        Price    Type
G21     16    4         $55.00    End of Summer Family Pack
G21     16    5         $55.00    End of Summer Family Pack
G21     16    6         $55.00    End of Summer Family Pack
G21     16    7         $55.00    End of Summer Family Pack
Convenience fee for 4 seats $18.00
<%dEventToOutlook%>

----------------------------------------------------------
Subtotal: $238.00
Order Processing: $7.00
Total: $245.00

Thank you,

The Boston Red Sox

The link goes through a legitimate hacked site (in this case compromised via a WordPress flaw) and ends up on [donotclick]www.redsox.com.tickets-service.lindoliveryct.net/news/truck-black.php (report here). Despite the leading labels, that hostname belongs to the domain lindoliveryct.net, not redsox.com.

The WHOIS details for this domain are fake and indicate it is the work of the Amerika gang:

        Teresa Richey zsupercats@yahoo.com
        40 Parker Street
        Newburyport
        MA
        01950
        US
        Phone: +1.9783615311

The malicious domain is multihomed on the following IPs, which also host several other malicious domains:
66.230.163.86 (Goykhman And Sons LLC, US)
86.183.191.35 (BT, UK)
188.134.26.172 (Perspectiva Ltd, Russia)

Recommended blocklist:
66.230.163.86
86.183.191.35
188.134.26.172
50plus-login.com
aa.com.reservation.viewfareruledetailsaccess.do.sai-uka-sai.com
actiry.com
askfox.net
bnamecorni.com
boxbass.com
briltox.com
epackage.ups.com.shanghaiherald.net
evenyouseemeinmin49.net
evishop.net
facebook.com.n.find-friends.lindoliveryct.net
facebook.com.n.find-friends.oncologistoncology.net
frutpass.ru
intcheck.com
kemingpri.com
klwines.com.order.complete.prysmm.net
labscaner.com
laptopsinstalled.net
liliputttt9999.info
lindoliveryct.net
links.emails.bmwusa.com.open.pagebuoy.net
lucams.net
merchantcenter.intuit.com.click-for-click.com
micnetwork100.com
microsoftstore.com.store.msusa.en_us.displaydownloadhistorypage.kemingpri.com
musicstudioseattle.net
nvufvwieg.com
oleannyinsurance.net
onemessage.verizonwireless.com.verizonwirelessreports.com
package.ups.com.shanghaiherald.net
pagebuoy.net
photographysmile.net
quill.com.account.settings.musicstudioseattle.net
thefastor.com
tigerdirect.com.secure.orderlogin.asp.palmer-ford.net
tor-connect-secure.com
vip-proxy-to-tor.com
www.herbergers.com.content.customer-service.laptopsinstalled.net
www.microsoftstore.com.store.msusa.en_us.displaydownloadhistorypage.kemingpri.com
www.redsox.com.tickets-service.lindoliveryct.net
www.tigerdirect.com.secure.orderlogin.asp.palmer-ford.net
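The pattern above, a well-known brand name pushed into the left-hand labels of a hostname that really belongs to an unrelated registered domain, is easy to miss by eye but easy to check by machine. The following is an added example, not code from the original post: it pulls the registrable domain out of such hostnames, flags the brand being imitated, and matches hostnames and destination IPs from a constructed proxy log against the blocklist above (a subset of it is embedded). It assumes the registrable domain is simply the last two labels, which holds for the TLDs on this list (.com, .net, .ru, .info); a production tool would consult the Public Suffix List instead. The log lines, the 10.0.0.0/8 client addresses and the 203.0.113.10 destination are all constructed for the example.

```python
"""Added example: registrable-domain extraction, brand-mimic detection and
blocklist matching for the hostnames and IPs listed in the post."""
import ipaddress

# Subset of the post's recommended blocklist (IPs and domains mixed, one per line).
BLOCKLIST_TEXT = """
66.230.163.86
86.183.191.35
188.134.26.172
50plus-login.com
epackage.ups.com.shanghaiherald.net
facebook.com.n.find-friends.lindoliveryct.net
lindoliveryct.net
www.redsox.com.tickets-service.lindoliveryct.net
"""

# Brands borrowed in the left-hand labels of hostnames in the post;
# constructed for the example, not an authoritative list.
BRANDS = ("redsox.com", "facebook.com", "ups.com", "microsoftstore.com")

# Constructed proxy log lines: epoch, client, destination IP, host, method, path.
LOG_LINES = [
    "1377190939 10.0.0.5 66.230.163.86 www.redsox.com.tickets-service.lindoliveryct.net GET /news/truck-black.php",
    "1377190941 10.0.0.7 203.0.113.10 redsox.com GET /",
    "1377190955 10.0.0.9 188.134.26.172 mail.lindoliveryct.net GET /x.php",
]


def registrable_domain(host):
    """Assumption: the registrable domain is the last two labels (no PSL lookup)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def mimicked_brand(host):
    """Return the brand that appears as a run of labels to the LEFT of the
    registrable domain, e.g. 'redsox.com' inside
    www.redsox.com.tickets-service.lindoliveryct.net; None if there is none."""
    host = host.lower().rstrip(".")
    reg = registrable_domain(host)
    prefix = host[: -len(reg)]          # everything left of the registrable domain
    padded = "." + prefix               # pad so brands match on label boundaries only
    for brand in BRANDS:
        if "." + brand + "." in padded:
            return brand
    return None


def parse_blocklist(text):
    """Split the mixed list into a set of ip_address objects and a set of domains."""
    ips, domains = set(), set()
    for entry in text.split():
        try:
            ips.add(ipaddress.ip_address(entry))
        except ValueError:
            domains.add(entry.lower())
    return ips, domains


def host_is_blocked(host, domains):
    """True if the host or any parent domain is listed, so a fresh left-hand
    label on lindoliveryct.net is still caught."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))


def scan_log(lines, blocklist_text=BLOCKLIST_TEXT):
    """Return (client, host, reasons) for each log line that matches the
    blocklist by IP, by domain, or that imitates a brand in its hostname."""
    ips, domains = parse_blocklist(blocklist_text)
    hits = []
    for line in lines:
        _ts, client, dst, host, _method, _path = line.split(None, 5)
        reasons = []
        if ipaddress.ip_address(dst) in ips:
            reasons.append("ip")
        if host_is_blocked(host, domains):
            reasons.append("domain")
        brand = mimicked_brand(host)
        if brand:
            reasons.append("mimics " + brand)
        if reasons:
            hits.append((client, host, reasons))
    return hits


if __name__ == "__main__":
    for client, host, reasons in scan_log(LOG_LINES):
        print(client, host, ", ".join(reasons))
```

Matching on parent domains rather than exact hostnames matters here: the gang rotates the brand-shaped prefix (facebook.com.n.find-friends, www.redsox.com.tickets-service) on the same registered domain, so blocking lindoliveryct.net as a whole covers every variant, while the brand check catches the same trick on a domain that has not been listed yet.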