Sponsored by..

Thursday 8 December 2011

Malware: "Your new contract" / coredret.ru

Spam season continues with this fake "contract" email with a link that leads to a malicious payload on coredret.ru/main.php.

Date:      Thu, 8 Dec 2011 01:58:25 +0700
From:      "Daisy Newby" [CadenHolmgren@hanmail.net]
Subject:      Your new contract

As we arranged the day before yesterday in the in your place we've got the contract ready, plase study it carefully and let us know whether you accept all the issues.
We've attached the copy of the contract below
Contract.doc 36kb


Best Wishes
Daisy Newby


Fingerprint: bfe69dcc-ccc03723

coredret.ru is hosted on 91.195.11.41 (UkrStar ISP, Ukraine). 91.195.10.0/23 is very sparsely populated, so blocking access to it should cause no problems.

No comments: