Sponsored by..

Tuesday, 17 January 2012

Scan from a Xerox W. Pro spam / coolwebzuzuzu.ru

Another malicious spam, this time leading to an exploit page on coolwebzuzuzu.ru/main.php.

Date:      Tue, 16 Jan 2012 02:50:00 +0000
From:      officejet@victimdomain.com
Subject:      Fwd: Fwd: Scan from a Xerox W. Pro #9522304

A Document was sent to you using a XEROX OFFICE N220337423.

SENT BY: LAURA
IMAGES : 6
FORMAT (.JPG) DOWNLOAD

DEVICE: PD55695SK7AO559107L

coolwebzuzuzu.ru is hosted on 66.225.237.222, HostForWeb in Chicago. There is another malware site on an adjacent IP. You might want to block both IPs or even the whole /24 to be on the safe side.
Posted by at
Labels: , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)