
Thursday 15 March 2012

goo.gl/FP84h link leads to malware

Another malware campaign using the goo.gl redirector leading to a malicious payload, this time on

From:     OP 25939760 Y tuelkv60@yahoo.com
To:     ptofomen@elpuertosm.net
Date:     15 March 2012 08:35
Subject:     LinkedIn Corporation account on Hold Ref78087257
Signed by:     yahoo.com

< !--PZ 62188868 V


XR 28309138 C

The goo.gl redirector goes to shfd19za.roversmolina.ru (multihomed, see below) and then ends up on a malicious page at (Nuclear Fallout Enterprises, US again).

The intermediate site is multihomed on what looks like a botnet:

(HINET, Taiwan)
(2day Telecom, Kazakhstan)
(Rostelecom, Russia)
(Sibtranstelecom, Russia)
(Tata Communications, India)
(True Internet, Thailand)
(Ufanet, Russia)
(Vimpelcom, Russia)
(Kazakhtelecom, Kazakhstan)
(Kazakhtelecom, Kazakhstan)
(Kazakhtelecom, Kazakhstan)
(Telekom Slovenije, Slovenia)
(ER-Telecom Holding, Russia)
(Pune Mobile Subscriber, India)
(HINET, Taiwan)
(BSNL Internet, India)
(Airtel, India)
(VNPT, Vietnam)
(VNPT, Vietnam)
(Rostelecom, Russia)
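An added example, not part of the original post: a triage check that flags a hostname whose A records are scattered across many unrelated access networks and countries, the pattern described for the intermediate site above. All hostnames, addresses (documentation ranges), operator labels and thresholds are constructed assumptions.

```python
# Constructed resolver answers: hostname -> list of (IP, network operator, country).
# Nothing here is taken from the campaign; the values only mimic the pattern.
CONSTRUCTED_ANSWERS = {
    "redirect.example": [            # spread over many consumer ISPs
        ("192.0.2.10", "ISP-A", "TW"),
        ("192.0.2.77", "ISP-B", "KZ"),
        ("198.51.100.5", "ISP-C", "RU"),
        ("198.51.100.90", "ISP-D", "IN"),
        ("203.0.113.8", "ISP-E", "TH"),
        ("203.0.113.44", "ISP-F", "VN"),
        ("203.0.113.45", "ISP-F", "VN"),
        ("192.0.2.10", "ISP-A", "TW"),   # repeat from a second lookup
    ],
    "cdn.example": [                 # many IPs, but one operator: ordinary CDN
        ("192.0.2.20", "CDN-X", "US"),
        ("192.0.2.21", "CDN-X", "US"),
        ("198.51.100.20", "CDN-X", "DE"),
        ("198.51.100.21", "CDN-X", "DE"),
        ("203.0.113.20", "CDN-X", "JP"),
        ("203.0.113.21", "CDN-X", "JP"),
    ],
    "www.example": [("192.0.2.30", "Hosting-Y", "US")],
}


def profile(answers):
    """Count distinct IPs, operators and countries, ignoring repeated records."""
    unique = set(answers)
    return {
        "ips": len({ip for ip, _, _ in unique}),
        "operators": len({op for _, op, _ in unique}),
        "countries": len({cc for _, _, cc in unique}),
    }


def looks_botnet_hosted(answers, min_ips=5, min_operators=4, min_countries=3):
    """True when the A records span many IPs, operators and countries at once.

    Requiring all three avoids flagging a CDN (many IPs, one operator).
    Thresholds are assumed starting points, to be tuned on local DNS data.
    """
    p = profile(answers)
    return (p["ips"] >= min_ips
            and p["operators"] >= min_operators
            and p["countries"] >= min_countries)


if __name__ == "__main__":
    for host, answers in CONSTRUCTED_ANSWERS.items():
        print(host, profile(answers), looks_botnet_hosted(answers))
```
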

Plain list for copy-and-pasting:
