Another spam, another "redret" domain. This time the spam is a "changelog" one, the malicious payload is on cjredret.ru/main.php.Date: Thu, 29 Dec 2011 07:59:51 +0200
From: accounting@victimdomain.com
Subject: Re: Fwd: Your Changelog UPDATED
Hello,
as promised chnglog updated -: View Changelog
Carey CATHERINE
The site is hosted on 91.222.137.170 (Delta-X, Ukraine), the same IP address as yesterday. If you don't have any reason to send traffic to the Ukraine, blocking access to 91.222.136.0/22 might be prudent.
No comments:
Post a Comment