Sponsored by..

Thursday 29 December 2011

"Your Changelog UPDATED" / cjredret.ru

Another spam, another "redret" domain. This time the spam is a "changelog" one, the malicious payload is on cjredret.ru/main.php.

Date:      Thu, 29 Dec 2011 07:59:51 +0200
From:      accounting@victimdomain.com
Subject:      Re: Fwd: Your Changelog UPDATED

Hello,

as promised chnglog updated -: View Changelog

Carey CATHERINE

The site is hosted on 91.222.137.170 (Delta-X, Ukraine), the same IP address as yesterday. If you don't have any reason to send traffic to the Ukraine, blocking access to 91.222.136.0/22 might be prudent.

No comments: